Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
4
Helpful
4
Replies

FTD Ugrade

Go to solution
N3om
Level 1
Level 1

‎05-15-2024 07:37 AM

HI

Bit of a weird question, when I initiate an upgrade of an FTD 2100 from FMC, does the FTD stop forwarding straight away or does it have to get to a point in the upgrade before it stops forwarding our tr

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-15-2024 09:38 AM

For a standalone device, there is a point about 30% into the process where the "stop system" script will shutdown dataplane forwarding.

As noted by @balaji.bandi a High Availability (HA) pair upgrade will be zero downtime since the Standby member will upgrade first and, only after it is verified as successful, it then becomes Active and the other member will be upgraded.

If it's in production, a maintenance window should always be planned and approved to manage users' expectations.

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-15-2024 07:44 AM

Depends on FTD setup, if they are in HA then traffic should able to get through on the process.

If the standalone, i would expecte upgrade start to end will not pass any traffic. (better do this upgrade in maintenance window)

Note : take the configuration out of the box, read the release notes, first upgrade FMC before upgrading to FTD by checking the compatable matrix)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
MHM Cisco World
VIP
VIP

‎05-15-2024 07:53 AM

ypu upgrade you dont know how time it take and what issue you will face' 

It better to do upgrade in window and that time if upgrading stop or not stop forwarding data it dont matter 

MHM

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-15-2024 09:38 AM

For a standalone device, there is a point about 30% into the process where the "stop system" script will shutdown dataplane forwarding.

As noted by @balaji.bandi a High Availability (HA) pair upgrade will be zero downtime since the Standby member will upgrade first and, only after it is verified as successful, it then becomes Active and the other member will be upgraded.

If it's in production, a maintenance window should always be planned and approved to manage users' expectations.

Go to solution
RodneyWilkins11
Level 1
Level 1

‎05-15-2024 09:46 AM

When you upgrade the FTD 2100 from FMC, it may keep forwarding traffic until it reaches a specific point in the upgrade process where it needs to pause briefly. Then, it completes the upgrade before it resumes forwarding traffic again.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card