cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

24853
Views
35
Helpful
5
Replies
CODNetadmin
Beginner

ASA Upgrade (Active-Standby) Procedure

Hi All,

Just want to verify if our planned upgrade of ASA will not cause any trouble during the procedure.

Hardware: ASA5525-X

Existing IOS: 9.1.2

Upgrade to: 9.4.2(11)

Setup: Active Standby

We plan to upgrade the standby first, after this, Is the Standby still going to take over after we force a failover to it so that we can then upgrade the Primary Firewall.

Many thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Marvin Rhoads
VIP Community Legend

Yes, that's the process. I've done it many times it it works perfectly when you follow the documented procedure.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#actstand

View solution in original post

5 REPLIES 5
Marvin Rhoads
VIP Community Legend

Yes, that's the process. I've done it many times it it works perfectly when you follow the documented procedure.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#actstand

Just a follow up question Marvin, does that mean that when i upgraded the Standby and I switchover to the upgraded standby, is it going to be a seamless failover (sessions maintained)? Or will it have a quick downtime due to the sessions dropped.

Thanks!

If you do not have stateful failover configured, individual TCP connections will have to be re-established. If a given application is sensitive to that, a small impact may be noticed. Most end user traffic (web browsing, email etc) generally recovers seamlessly to such an interruption. With stateful failover even that small interruption does not happen. 

Thanks so much, Marvin!

CODNetadmin
Beginner

Thanks Marvin! This is very helpful.
Create
Recognize Your Peers
Content for Community-Ad