04-28-2016 03:41 AM - edited 03-12-2019 12:40 AM
Guys,
Does anyone have the code upgrade process for a Firewall 5585 running in a cluster? I want the same for the Cisco Firepower module as well.
Will this process interrupt the data traffic at all?
Thanks,
Prashant
05-02-2016 12:08 AM
Hello Prashant-
Please take a look at the following link that will walk you through the steps on how to perform a "hitless" upgrade.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/upgrade/upgrade93.html#73685
I hope this helps!
Thank you for rating helpful posts!
05-02-2016 07:57 PM
The FirePOWER modules have no awareness of the clustering among the ASAs. When you upgrade a FirePOWER module, it will by default mark that cluster member as not eligible to receive traffic until the module is back online.
You can override that as of 9.5 by telling the ASAs not to monitor service modules. If you did so and had the sfr module set to "fail open" then your module upgrade impact would be minimized from a module perspective.
However you would then not be availing yourself of the protection built into an ASA cluster. Some would argue that it's better to let a member unit "fail" during the module upgrade so that the cluster can operate as intended and let another member take up the load.