cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
868
Views
5
Helpful
5
Replies

FMC HA Pair reboot after update

tgillon
Level 1
Level 1

I have 2 new Firepower devices in a HA Pair scenario, and I want to install an update on them through my FMC GUI.  It states that reboots of the firewalls are necessary to complete the update.  I have to assume that the reboots will not occur simultaneously, taking down my Internet connection.  Am I correct in that thinking?

1 Accepted Solution

Accepted Solutions

@tgillon with FMC-managed HA pairs, FMC has the orchestration built-in to copy the image to both units, upgrade the standby unit first and - only after it succeeds - to do the role switch and upgrade the formerly active unit. With ASAs we had to do all that manually.

View solution in original post

5 Replies 5

@tgillon I assume you are referring to upgrading an FTD HA pair via the FMC?

Yes, you can upgrade the FTD's without disrupting traffic flow.

"You can upgrade the system software running on the devices in a high availability pair without disrupting traffic in your network. Basically, you upgrade the standby device, so that the active device continues handling traffic. After the upgrade completes, you switch roles and again upgrade the standby unit"

Thanks for the quick reply, Rob.  That's the way I used to do it with my ASA's.  But, with the FMC and the firewalls being in a HA-PAIR, I can't individually select the separate devices, it's both or none.

@tgillon ignore the first guide provided it was for FDM, below is the correct guide. It has the procedure to upgrade from the FMC. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/710/upgrade-fmc-710/upgrade-threat-defense.html

 

@tgillon with FMC-managed HA pairs, FMC has the orchestration built-in to copy the image to both units, upgrade the standby unit first and - only after it succeeds - to do the role switch and upgrade the formerly active unit. With ASAs we had to do all that manually.

Thanks Marvin, that was the answer I was looking and hoping for!

Review Cisco Networking for a $25 gift card