cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
551
Views
5
Helpful
1
Replies

Firmware upgrade between 2 Cisco ASA failover mode

mthomaz
Level 1
Level 1

I have got two Cisco ASA 5510, where:

 

FW1 = Primary ASA

FW2 = Failover ASA

 

I am planning on upgrading the Firmware, for those ASA, but want to get minimal downtime possible.

 

Can I redirect all traffic to FW2 while FW1 gets upgraded, then back to FW1 while FW2 gets updated? 

Or can I just upgrade FW1 and the failover mode will automatically know that FW1 is under maintenance and will redirect all the traffic to the FW2 by itself? Cheers!

1 Accepted Solution

Accepted Solutions

Ajay Saini
Level 7
Level 7

Hello,

 

The traffic shifting between the firewalls can be done manually or automatically once a fw senses that other has failed. You can do a zero downtime upgrade, please follow the below doc:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/admin_swconfig.html#wp1053398

 

 

Just stick to the upgrade path, details of which are in the link.

-

HTH

AJ

View solution in original post

1 Reply 1

Ajay Saini
Level 7
Level 7

Hello,

 

The traffic shifting between the firewalls can be done manually or automatically once a fw senses that other has failed. You can do a zero downtime upgrade, please follow the below doc:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/admin_swconfig.html#wp1053398

 

 

Just stick to the upgrade path, details of which are in the link.

-

HTH

AJ

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: