04-12-2016 01:17 AM - edited 02-21-2020 05:47 AM
Hi All,
Just want to verify if our planned upgrade of ASA will not cause any trouble during the procedure.
Hardware: ASA5525-X
Existing IOS: 9.1.2
Upgrade to: 9.4.2(11)
Setup: Active Standby
We plan to upgrade the standby first, after this, Is the Standby still going to take over after we force a failover to it so that we can then upgrade the Primary Firewall.
Many thanks!
Solved! Go to Solution.
04-12-2016 06:59 AM
Yes, that's the process. I've done it many times it it works perfectly when you follow the documented procedure.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#actstand
04-12-2016 06:59 AM
Yes, that's the process. I've done it many times it it works perfectly when you follow the documented procedure.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#actstand
04-12-2016 08:33 PM
Just a follow up question Marvin, does that mean that when i upgraded the Standby and I switchover to the upgraded standby, is it going to be a seamless failover (sessions maintained)? Or will it have a quick downtime due to the sessions dropped.
Thanks!
04-13-2016 03:43 AM
If you do not have stateful failover configured, individual TCP connections will have to be re-established. If a given application is sensitive to that, a small impact may be noticed. Most end user traffic (web browsing, email etc) generally recovers seamlessly to such an interruption. With stateful failover even that small interruption does not happen.
02-17-2017 07:11 AM
Thanks so much, Marvin!
04-12-2016 06:40 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide