Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
867
Views
5
Helpful
5
Replies

FMC HA Pair reboot after update

Go to solution
tgillon
Level 1
Level 1

‎07-21-2022 11:46 AM - edited ‎07-21-2022 11:47 AM

I have 2 new Firepower devices in a HA Pair scenario, and I want to install an update on them through my FMC GUI.  It states that reboots of the firewalls are necessary to complete the update.  I have to assume that the reboots will not occur simultaneously, taking down my Internet connection.  Am I correct in that thinking?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tgillon

‎07-21-2022 08:46 PM

@tgillon with FMC-managed HA pairs, FMC has the orchestration built-in to copy the image to both units, upgrade the standby unit first and - only after it succeeds - to do the role switch and upgrade the formerly active unit. With ASAs we had to do all that manually.

View solution in original post

5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎07-21-2022 11:51 AM - edited ‎07-21-2022 12:00 PM

@tgillon I assume you are referring to upgrading an FTD HA pair via the FMC?

Yes, you can upgrade the FTD's without disrupting traffic flow.

"You can upgrade the system software running on the devices in a high availability pair without disrupting traffic in your network. Basically, you upgrade the standby device, so that the active device continues handling traffic. After the upgrade completes, you switch roles and again upgrade the standby unit"

0 Helpful

Go to solution
tgillon
Level 1
Level 1
In response to Rob Ingram

‎07-21-2022 11:55 AM

Thanks for the quick reply, Rob.  That's the way I used to do it with my ASA's.  But, with the FMC and the firewalls being in a HA-PAIR, I can't individually select the separate devices, it's both or none.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to tgillon

‎07-21-2022 12:00 PM

@tgillon ignore the first guide provided it was for FDM, below is the correct guide. It has the procedure to upgrade from the FMC. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/710/upgrade-fmc-710/upgrade-threat-defense.html

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tgillon

‎07-21-2022 08:46 PM

@tgillon with FMC-managed HA pairs, FMC has the orchestration built-in to copy the image to both units, upgrade the standby unit first and - only after it succeeds - to do the role switch and upgrade the formerly active unit. With ASAs we had to do all that manually.

Go to solution
tgillon
Level 1
Level 1
In response to Marvin Rhoads

‎07-22-2022 06:09 AM

Thanks Marvin, that was the answer I was looking and hoping for!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card