Re: FTD 2130 upgrade issues

ugochunw123 · ‎10-30-2019

Hello,

Does someone know why upgrading a peer of FTD's disrupts service, since the peer is upgraded one at a time.

Francesco Molino · ‎10-30-2019

Hi

You shouldn't get any disruption during upgrade.
From what version to which one?
You can check on /var/log/messages if you see something that went wrong during the upgrade.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

ugochunw123 · ‎10-31-2019

From version 6.2.3.10 to version 6.4.0

Francesco Molino · ‎11-02-2019

I did several upgrades these days to 6.4 but from 6.3.
Check out if there are some bugs known related to your version, otherwise if you have another shot at this, open a tac case.
Did you looked at the log file?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Marvin Rhoads · ‎10-30-2019

What sort of service disruption did you observe?

@Francesco Molino is correct - an upgrade of an HA pair of FTD 2130 appliances (assuming your initiated it from FMC) should not cause service disruption. This is confirmed in the 6.5 release notes as follows:

High Availability Pairs: Firepower Software Upgrade

You should not experience interruptions in traffic flow or inspection while upgrading the Firepower software on devices in high availability pairs. To ensure continuity of operations, they upgrade one at a time. Devices operate in maintenance mode while they upgrade.

The standby device upgrades first. The devices switch roles, then the new standby upgrades. When the upgrade completes, the devices' roles remain switched. If you want to preserve the active/standby roles, manually switch the roles before you upgrade. That way, the upgrade process switches them back.

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/relnotes/firepower-release-notes-650/upgrade.html