01-27-2010 11:27 AM - edited 03-11-2019 10:02 AM
i. How often should I upgrade the ASDM and ASA software?
I am confused by the versions on the downloads section of the CISCO website - do I pick the latest version without an ED for stability?
ii. Is there a correct order? DO I updgrade the ASDM software first, and then ASA or the other way round?
01-27-2010 11:37 AM
I recommend upgrading the OS about every 6 months or so. I have some firewalls that I update ASAP and some that I only update when major vulnerabilities get patched.
You should update the ASDM the same time you update the OS. This has two meanings. First it means if you update the OS it's a good idea to update the ASDM. Second it means you can update both of them on the same reload. So when you upload the images to the ASA then you can set both asdm location and boot image location on the ASA and reload it so it updates both together.
Also, the last official stable version of ASA code cisco released was in the 7.'s. That means you can either choose a 2 year old OS because of its stability or opt for going for the most current OS because of its security patches and features. I've always gone with the very latest OS and did a thorough test after the upgrade (check VPN's, verify no new strange syslogs are going, check NAT, verify connectivity is the same etc).
01-27-2010 07:29 PM
Just one small correction.
ASDM update does not require a reboot. It takes effect right away. So, if you upgrade to a new code and asdm at the same time, the asdm may not be compatible with the code that the unit is running before the reload. So, I'd reload the ASA with the OS upgrade and then copy the new asdm over.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide