Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
3
Helpful
5
Replies

FTD 2110 HA and Upgrade to 7.X with standalone unit not in HA

arumugasamy
Level 1
Level 1

‎04-30-2023 03:52 AM - edited ‎04-30-2023 03:53 AM

Team

Thank you for your continuous support. I have to upgrade the FTD 2110 HA to one of the customers without downtime. The customer wants us to break the HA into 2 standalone units and then upgrade the standby unit first while passing the traffic through the active unit and after the standby upgraded to new software then unit has to be switchover the active has to be standby and standby has to be active and the active unit should handle the traffic while the standby unit is being upgraded. This entire process should not impact the network traffic that means without downtime.

Note: I have performed the same with ASA HA firewall pair, but FTD pair I need your expertise on how to perform the upgrade FTD 2110 HA pair without Network downtime. please support me with your knowledge 

0 Helpful
5 Replies 5

MHM Cisco World
VIP
VIP

‎04-30-2023 04:14 AM - edited ‎04-30-2023 04:32 AM

I Will make double check for fpr 2110

0 Helpful

arumugasamy
Level 1
Level 1
In response to MHM Cisco World

‎04-30-2023 04:25 AM

Thank you so much for your quick response with the guide but it is for 4100 series where FXOS to be upgraded. In our case, it is 2110 FTD series. Shall I consider all steps except the FXOS part of the document?

arumugasamy
Level 1
Level 1
In response to MHM Cisco World

‎04-30-2023 09:21 AM

Thank you so much.

Rob has given valid information and I submitted the same to the customer.

0 Helpful

Rob Ingram
VIP
VIP

‎04-30-2023 08:39 AM

@arumugasamy there is no need to break the HA pair into 2 standalone units, you should not experience interruptions in traffic flow or inspection while upgrading high availability or clustered devices. For high availability pairs, the standby device upgrades first. The devices switch roles, then the new standby upgrades. https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/upgrade.html#Cisco_Generic_Topic.dita_f5e65f64-d2ac-4a1f-bdc5-4bd93d5d6def

The link previously provided for upgrading HA pairs states if using 2100 or earlier platforms (1000 series) that FXOS upgrade is not applicable. That is because the FXOS upgrade is builtin to the upgrade package in 1000/2100 hardware.

More information https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/upgrade_firepower_threat_defense.html

You will need to ensure the FMC is already running 7.x before upgrading the FTD HA pair.

 

arumugasamy
Level 1
Level 1
In response to Rob Ingram

‎04-30-2023 09:18 AM

Thank you so much for your valid information.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card