Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3723
Views
9
Helpful
7
Replies

FWSM IOS upgrade

Go to solution
fawad.alam
Level 1
Level 1

‎05-10-2012 06:03 AM - edited ‎03-11-2019 04:05 PM

Hi,

I am upgrading IOS on 6509-E from 122-33.SXI4a to 12.2(33)SXJ3. I have FWSM module on 3.2(10).

1. Should I expect any issues with the FWSM while upgrading to the new IOS?

2. Do I need to upgrade the FWSM prior to this IOS upgrade?

3. What is the upgrade path for FWSM from 3.2(10) to the latest 4.x version? What is the current most stable 4.x version?

Would appreciate any response!

Thanks,

Fawad

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to shankar1023

‎01-25-2013 05:28 AM

Hi,

To my understanding if changes have been made to some command they are mentioned in the Release Notes. Though I wouldnt be surprised if there are some changes that are not mentioned.

We use both 3.2 and 4.0 and they have the same NAT configuration format.

FWSM in general dont even support a software that would have the new NAT configuration format. Think that is only available in the ASA modules that replace the FWSM to my understanding.

So there should be no changes to NAT configurations between the 2 software levels.

I'd imagine if you were running a lower version of the software and did the upgrade you might have some changes in the configuration format. 3.2 to 4.1 to my understanding pretty much follows the format of PIX/ASA 7.0 to 8.2

- Jouni

View solution in original post

7 Replies 7

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-10-2012 07:27 PM

1. The FWSM will run just the same on both the IOS versions you cited.

2. It does not need to be upgraded for your IOS to continue to interoperate with it.

3. FWSM software 4.1(9) is the latest and most stable release. It is a direct upgrade and the procedure is outlined here.For more detail, please refer here.

0 Helpful

Go to solution
shankar1023
Level 1
Level 1
In response to Marvin Rhoads

‎01-25-2013 04:38 AM

Hi Marvin,

I am going to upgrade FWSM version 3.2(23) to 4.1(9) in couple of weeks, I read in the release notes that the configurations will be automatically changed. Could you pls let me know where can I find the new features or major differences in 4.1(9)?

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to shankar1023

‎01-25-2013 04:50 AM

Hi,

I would look through the different Release Notes for the FWSM at the following link

http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_release_notes_list.html

Theres usually lists of "New Features" and a list of bugs that have been solved or have been noticed but not yet corrected.

I'm not sure if there is a separate tool that could compare the softwares.

When it comes to configurations I dont see they have any differences in the format for all the usual firewall configuration commands. We have both 3.2 and 4.x FWSMs also.

- Jouni

0 Helpful

Go to solution
shankar1023
Level 1
Level 1
In response to Jouni Forss

‎01-25-2013 05:08 AM

Hi Jouni,

I refered that link, is there any changes in NAT configuraitons in 4.1(9) ? or NAT commands?

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to shankar1023

‎01-25-2013 05:28 AM

Hi,

To my understanding if changes have been made to some command they are mentioned in the Release Notes. Though I wouldnt be surprised if there are some changes that are not mentioned.

We use both 3.2 and 4.0 and they have the same NAT configuration format.

FWSM in general dont even support a software that would have the new NAT configuration format. Think that is only available in the ASA modules that replace the FWSM to my understanding.

So there should be no changes to NAT configurations between the 2 software levels.

I'd imagine if you were running a lower version of the software and did the upgrade you might have some changes in the configuration format. 3.2 to 4.1 to my understanding pretty much follows the format of PIX/ASA 7.0 to 8.2

- Jouni

Go to solution
shankar1023
Level 1
Level 1
In response to Jouni Forss

‎01-25-2013 05:35 AM

Thanks Jouni,

Can you also let me know is there any configuration level or command level difference between ASA 8.2(5.22) and 8.4(4.9) ? I will be upgrading my ASA boxes as well

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to shankar1023

‎01-25-2013 06:24 AM

As Jouni noted above, the FWSM 3.2 - 4.x upgrade does not change NAT syntax or operations. There were a number of minor commands added and changed which are covered in the release notes.

With ASA software, upgrading to >8.2(x) will change the NAT syntax. That is covered in much detail in several posting elsewhere on this forum. The device boot up process will make the conversion automatically but sometimes fails to convert everything completely so it's best to do some offline analysis first.

You also need to ensure your platform has the appropriate memory installed to support the software. The requirements changed with 8.3 and beyond so you need to check that first and plan to upgrade the memory if necessary. Memory upgrade is not hard - getting your ASA out of the rack is the hardest part. There are about 15 screws that hold the cover down but once you get it off it only takes a minute to pop in the new DIMM.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card