Solved: FWSM upgrade...

ahmed.gadi · ‎05-10-2011

Hi all,

I have FSWM active/standby installed in 6509-E core switches running following

FWSM Firewall Version 3.1(3)
Device Manager Version 5.0(2)F

I want to upgrade to latest FWSM version as well as ASDM, I downloaded asdm-622f.bin and c6svc-fwm-k9.4-1-5.bin from cisco portal.

When i checked the show version of FWSM, it says

The Running Activation Key is not valid, using default settings:

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000

I have gone through threads on CSC about how to upgrade FWSM in failover mode, now my concern is, Do i have to take care about activation key or keep as it is ? I have maintenance contract with cisco for all devices.

Can anybody sugest me about this ?

Regards

Ahmed...

MarkoTanaskovic · ‎05-24-2011

Hi,Ahmed,

yes, you have to upgrade the switch IOS to the supported version.The switch SW and the FWSM SW do communicate and the proper versioning has to be taken care of.

Check out the release notes for the FWSM 4.1.x : http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/release/notes/fwsmrn41.html - Table 2 for the 6k5 switch. Upgrade the switch IOS and then the FWSM OS. If you have a a failover pair and you are upgrading to a new minor or major version, you should reload both blades at the same time. You must not allow them to have different SW versions, since theywill both become active and cause problems. If you are upgrading to a maintenance release, then you can perform a zero downtime upgrade.

Hope this helps.

Regards,

Marko

P.S. Also do not forget to chech the version of the maintenance partition.

Message was edited by: Marko Tanaskovic

View solution in original post

brquinn · ‎05-10-2011

Ahmed,

When you see your license as all 0's, that means you have the default license. With the default FWSM software, up to two security contexts and an additional special administrative context are provided. For more security contexts, a license must be purchased.

Bottom line is that you currently do not have a license for additional contexts installed. When you upgrade your FWSM software, you don't need to worry about your license. If you did have a license, it would be migrated automatically when you changed software versions.

Thanks,

Brendan

ahmed.gadi · ‎05-10-2011

many thanks Brendan,,,

Indeed, i do not have any context based scenario, so yes, i can go ahead with upgrade without activation key issue.

I have gone through thread of CSC

https://supportforums.cisco.com/thread/2063596

and cisco document

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1064244

now its confusing about exact procedure to do upgrade, can you please let me know the exact procedure for active/standby FWSM upgrade ?

One more thing i am also goin to upgrade 6509-e IOS, so do i need to upgrade it before FWSM or its independent ?

Hope to hear from you soon.

Regards

Ahmed..

MarkoTanaskovic · ‎05-24-2011

Hi,Ahmed,

yes, you have to upgrade the switch IOS to the supported version.The switch SW and the FWSM SW do communicate and the proper versioning has to be taken care of.

Check out the release notes for the FWSM 4.1.x : http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/release/notes/fwsmrn41.html - Table 2 for the 6k5 switch. Upgrade the switch IOS and then the FWSM OS. If you have a a failover pair and you are upgrading to a new minor or major version, you should reload both blades at the same time. You must not allow them to have different SW versions, since theywill both become active and cause problems. If you are upgrading to a maintenance release, then you can perform a zero downtime upgrade.

Hope this helps.

Regards,

Marko

P.S. Also do not forget to chech the version of the maintenance partition.

Message was edited by: Marko Tanaskovic