02-06-2012 12:43 PM - edited 03-11-2019 03:24 PM
Hello,
I have got a replacement for my faulty fwsm,does anybody know the new FWSM which is shipped contains which IOS bydefault?????. And do we require a license (activation key) to upgrade from 3.2 to 4.1.?????? or the existing activation of 3.2 will work for 4.1.
FWSM# sh version
FWSM Firewall Version 3.2(5)
Device Manager Version 5.2(1)F
FWSM up 1 days 0 hours
failover cluster up 1 days 0 hours
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash STI Flash 8.0.0 @ 0xc321, 20MB
0: Int: Not licensed : irq 5
1: Int: Not licensed : irq 7
2: Int: Not licensed : irq 11
The Running Activation Key is not set, using default settings:
Licensed features for this platform:
Maximum Interfaces : 256
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
BGP Stub : Disabled
VPN Peers : Unlimited
Serial Number:
Running Activation Key:
Thanks
Solved! Go to Solution.
02-07-2012 01:18 PM
Hello Jack,
That is correct, you will need to get into the CLI to get the IOS version with the show version command.
Now regarding the license, you need to have the same license on both devices in order for failover to work:
The two units in a failover configuration must have the same major (first number) and minor (second number) software version. However, you can use different versions of the software during an upgrade process. For example, you can upgrade one unit from Version 3.1(1) to Version 3.1(2) and have failover remain active. Cisco recommends to upgrade both units to the same version to ensure long-term compatibility.
You might receive this syslog because of an incompatible license:
FWSM-1-105045: (Primary) Mate license (number contexts) is not compatible with my license (number contexts). FWSM-1-105001: (Primary) Disabling failover.
Regards,
Julio
02-08-2012 12:53 PM
Hello jack,
That is correct, if you have an activation key installed on your device and you do an upgrade the activation key will remain activated.It will not disappear.
Regards,
Julio
02-09-2012 09:54 AM
Hello Jack,
Yeap, finally we are on the same page lol
That is all you need!
Please mark the question as answered so future users can learn from here.
Regards,
Julio
Do rate all the helpful posts!!
02-07-2012 12:15 PM
Hello Experts
Can anybody put some light on the query above
02-07-2012 12:34 PM
Hello Jack,
I have got a replacement for my faulty fwsm,does anybody know the new FWSM which is shipped contains which IOS bydefault?????.
There is no bydefault on this scenarios, In your case the ios version you got is 3.2(5) as you can see on the show version.
And do we require a license (activation key) to upgrade from 3.2 to 4.1.?
Nop. please read the following link, it will help you on this query
http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/release/notes/fwsmrn41.html#wp215348
And for your information:
Note If you do not have an activation key entered (0x000) before upgrading, then when you enter the show version command after upgrading, you see the following message:
The running activation key is not valid
This cosmetic issue can be ignoredl; the FWSM is not affected.
Regards,
Do rate helpful posts!!!
Julio
02-07-2012 12:50 PM
Thanks for ur reply Julio
The FWSM supports the following licensed features:
•Multiple security contexts. The FWSM supports two virtual contexts plus one admin context for a total of three security contexts without a license. For more than three contexts, obtain one of the following licenses:
–20
–50
–100
–250
•BGP stub support.
•GTP/GPRS support
Thanks pls reply.
02-07-2012 01:18 PM
Hello Jack,
That is correct, you will need to get into the CLI to get the IOS version with the show version command.
Now regarding the license, you need to have the same license on both devices in order for failover to work:
The two units in a failover configuration must have the same major (first number) and minor (second number) software version. However, you can use different versions of the software during an upgrade process. For example, you can upgrade one unit from Version 3.1(1) to Version 3.1(2) and have failover remain active. Cisco recommends to upgrade both units to the same version to ensure long-term compatibility.
You might receive this syslog because of an incompatible license:
FWSM-1-105045: (Primary) Mate license (number contexts) is not compatible with my license (number contexts). FWSM-1-105001: (Primary) Disabling failover.
Regards,
Julio
02-07-2012 10:30 PM
Dear Julio,
02-08-2012 10:11 AM
Hello Jack,
You do not need the activation key to do the upgrade, you need the activation key to failover to work.
Regards,
Julio
02-08-2012 11:33 AM
Dear Julio,
Still i m in doubt, it is not clear to me julio,
Thanks
02-08-2012 11:39 AM
Hello Jack,
lol I think we are not communicating properly!
Here is the thing, you do not need an activation key to run a upgrade on the FWSM.
Now you have a failover cluster on your network and you want to introduce this new FWSM in that cluster, for that to work you will need to have the same license than before, so you DO need to upgrade the license to make it work.
Without it you will have a license mismatch and failover will not work.
Hope this time this can help!
Regards,
Do rate all the helpful posts!!!!
Julio
02-08-2012 12:48 PM
Hello Julio,
Dear yes we are not communicating properly,
Here is the thing, you do not need an activation key to run a upgrade on the FWSM ???
this means after upgrading from 3.2 to 4.1 you dont have to get the new activation key for failover to work. The existing activation-key of 3.2 will work???
Thanks
02-08-2012 12:53 PM
Hello jack,
That is correct, if you have an activation key installed on your device and you do an upgrade the activation key will remain activated.It will not disappear.
Regards,
Julio
02-08-2012 10:36 PM
Dear Julio,
The Conclusion what i have reached to is:
Thanks Julio
02-09-2012 12:21 AM
Hello guys,
Somebody knows how can I read the compact flash partition (cf:4 and cf:5) for Firewall Service Module? I would like to check the content of the compact flash partition before make the upgrade to a new release.
Thanks!
02-09-2012 09:54 AM
Hello Jack,
Yeap, finally we are on the same page lol
That is all you need!
Please mark the question as answered so future users can learn from here.
Regards,
Julio
Do rate all the helpful posts!!
02-09-2012 11:52 AM
Dear Julio,
Thanks for ur help and being to be pateints for explaining me. I have given you the rating on each reply,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide