Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2342
Views
0
Helpful
10
Replies

FWSM

Go to solution
estelamathew
Level 2
Level 2

‎02-01-2011 08:40 AM - edited ‎03-11-2019 12:42 PM

Hi,

I wanna upgrade FWSM version from 3.2 to 4.1.I have read release notes but i below queries.

Please answer my below queries.

  • what is the command from which i can see my flash memmory available space and used space.
  • From which command i can list flash files,i want to check the existing IOS and after uploading the new IOS (c6svc-fwm-k9.4-1-3.bin) in which partition they are located.
  • To load asdm image i have to specify this command copy tftp://172.16.X.X/c6svc-fwm-k9.4-1-3.bin flash:asdm.
  • if i upload image,, on which partition does it will be copied C4 or C5
  • I just tried with the tftp command it gave me the below output i dont see any options for C4 or C5 application partition after flash: command and why it is showing me 2 times flash:image and flash:asdm.

FWSM# copy tftp://172.16.X.X/c6svc-fwm-k9.4-1-3.bin flash:?

  flash:asdm              flash:asdm    flash:image    flash:image
  flash:startup-config 
FWSM# copy tftp://172.16.X.X/c6svc-fwm-k9.4-1-3.bin flash:

Address or name of remote host [172.16.X.X]?

Source filename [c6svc-fwm-k9.4-1-3.bin]?

Destination filename [image]? c6svc-fwm-k9.4-1-3.bin

  • It will ask me to erase the the existing image b4 upgrading the new image
  • I m trying to load 12.2 SXH8 with the 4.1 is it compatible, release notes specify the 12.2SXF and higher for SUP 720. please see the attached.

Below is the output for sh version.

FWSM# sh version

FWSM Firewall Version 3.2(5)
Device Manager Version 5.2(1)F

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash STI Flash 8.0.0 @ 0xc321, 20MB


The Running Activation Key is not set, using default settings:

Licensed features for this platform:
Maximum Interfaces          : 256      
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
Cut-through Proxy           : Enabled  
Guards                      : Enabled  
URL Filtering               : Enabled  
Security Contexts           : 2        
GTP/GPRS                    : Disabled 
BGP Stub                    : Disabled 
VPN Peers                   : Unlimited

Thanks

Labels:
Preview file
181 KB
0 Helpful
5 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-01-2011 09:00 AM

- You can only upload 1 FWSM image (software) at the time, and when you upload the image, you would need to actually specify the word "image" as follows:
copy tftp://172.16.X.X/c6svc-fwm-k9.4-1-3.bin flash:image

The destination filename has to be called "image".

Similarly when you upload the asdm image, it also needs to be called "asdm".

- What partition do you boot your fwsm from? By default it will be on partition cf:4, unless if you boot from different partition. To check which partition it is booting from, from the switch prompt: show boot device

- When you upload the fwsm image, it will be uploaded to the partition on where you boot the fwsm from.

- When you upload the fwsm image from the fwsm session, there is no way and no need to define the partition, it will automatically be uploaded to the partition where you boot the fwsm from. You can't specify which partition to upload the image to. Unless you are uploading the fwsm image from the maintenance partition.

Here is the upgrade options for fwsm for your reference:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/swcnfg_f.html

Hope that helps and answers your questions.

View solution in original post

0 Helpful

Go to solution
Yudong Wu
Level 7
Level 7
In response to estelamathew

‎02-01-2011 01:42 PM

Yes, it will overwrite the existing image.

Flash size is 20M

No, you need upgrade to SXI or above image

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to estelamathew

‎02-01-2011 05:57 PM

Correct, you are absolutely right.

You can only upload 1 FWSM image and 1 ASDM software into the FWSM, and you would need to name it image and asdm respectively. Unlike ASA where you can actually upload multiple images and asdm version as long as you configure the boot system to boot from the image that you want. With FWSM because the flash is very small and you are not able to add more memory to flash, only one image and one asdm can be uploaded to the fwsm, and yes, it will overwrite the existing version.

Yes, the version is OK as SXH is higher version than SXF.

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to estelamathew

‎02-02-2011 03:01 AM

No, there is no rommon procedure. You can perform the upgrade via maintenance partition if it fails from the fwsm itself, and the procedure is in the guide provided earlier. However, there shouldn't be any issues with upgrading the fwsm normally.

One tip: when you upload the fwsm image to the fwsm from tftp server, sometimes, it can sort of hang for a little bit. Pls be patience and just wait for it to complete as it might take a while. Don't reload or break the image upload. From experience, just be patience and it will eventually complete the copying from tftp server to the fwsm flash.

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-01-2011 09:00 AM

- You can only upload 1 FWSM image (software) at the time, and when you upload the image, you would need to actually specify the word "image" as follows:
copy tftp://172.16.X.X/c6svc-fwm-k9.4-1-3.bin flash:image

The destination filename has to be called "image".

Similarly when you upload the asdm image, it also needs to be called "asdm".

- What partition do you boot your fwsm from? By default it will be on partition cf:4, unless if you boot from different partition. To check which partition it is booting from, from the switch prompt: show boot device

- When you upload the fwsm image, it will be uploaded to the partition on where you boot the fwsm from.

- When you upload the fwsm image from the fwsm session, there is no way and no need to define the partition, it will automatically be uploaded to the partition where you boot the fwsm from. You can't specify which partition to upload the image to. Unless you are uploading the fwsm image from the maintenance partition.

Here is the upgrade options for fwsm for your reference:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/swcnfg_f.html

Hope that helps and answers your questions.

0 Helpful

Go to solution
estelamathew
Level 2
Level 2
In response to Jennifer Halim

‎02-01-2011 11:01 AM

Hello Jennifer ,

Excellent too good

Please confirm the below answers are correct or wrong

  • You can only upload 1 FWSM image (software) at the time, and when you  upload the image, you would need to actually specify the word  "image" as  follows: copy tftp://172.16.X.X/c6svc-fwm-k9.4-1-3.bin flash:image, The destination filename has to be called "image".

Answer:  This means it will overwrite on the same name file "image" in the flash when i will try to upload.the new 4.1 image ????

Answer:   The same applies to asdm image also

  • The output of show version does'nt show's me size fo the flash how can i find it

Answer ????

  • The IOS of 6500 as per the attached in previous mail ,i would go for 12.2SXH8 (s72033-advipservicesk9_wan-mz.122-33.SXH8)

Answer  Is the correct IOS i m choosing for FWSM.

Thanks

0 Helpful

Go to solution
Yudong Wu
Level 7
Level 7
In response to estelamathew

‎02-01-2011 01:42 PM

Yes, it will overwrite the existing image.

Flash size is 20M

No, you need upgrade to SXI or above image

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to estelamathew

‎02-01-2011 05:57 PM

Correct, you are absolutely right.

You can only upload 1 FWSM image and 1 ASDM software into the FWSM, and you would need to name it image and asdm respectively. Unlike ASA where you can actually upload multiple images and asdm version as long as you configure the boot system to boot from the image that you want. With FWSM because the flash is very small and you are not able to add more memory to flash, only one image and one asdm can be uploaded to the fwsm, and yes, it will overwrite the existing version.

Yes, the version is OK as SXH is higher version than SXF.

0 Helpful

Go to solution
estelamathew
Level 2
Level 2
In response to Jennifer Halim

‎02-01-2011 09:22 PM

Hello Dears,

Thanks very much for ur precious information.I will update the rating once i finish upgrading

  • Is it there is any rommon recovery procedure ???, 

Thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to estelamathew

‎02-02-2011 03:01 AM

No, there is no rommon procedure. You can perform the upgrade via maintenance partition if it fails from the fwsm itself, and the procedure is in the guide provided earlier. However, there shouldn't be any issues with upgrading the fwsm normally.

One tip: when you upload the fwsm image to the fwsm from tftp server, sometimes, it can sort of hang for a little bit. Pls be patience and just wait for it to complete as it might take a while. Don't reload or break the image upload. From experience, just be patience and it will eventually complete the copying from tftp server to the fwsm flash.

0 Helpful

Go to solution
estelamathew
Level 2
Level 2
In response to Jennifer Halim

‎02-02-2011 04:01 AM

Hello Jennifer,

Only an expierience person can give such hints, thanks dear,

I have been through the command reference link for 12.2 SX in the below link it doesn't show me the firewall vlan-group command in 12.2 SX

http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/122sx_03.html#LTR_F

Thanks

0 Helpful

Go to solution
estelamathew
Level 2
Level 2
In response to Jennifer Halim

‎02-03-2011 12:51 AM

Hello Dear,

Thanks very much, U deserve the rating on each and every reply,

  • Can we do the upgrade through the asdm,as per ur previous mail hints incase of tftp stuck long time. Any asdm upgrade configuration Examples for FWSM or almost equivalent to the below link.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#maintask2

Thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to estelamathew

‎02-03-2011 07:05 AM

Thank you for the ratings.

I would actually suggest  that you upgrade via command line instead of ASDM. The reason is you can  actually see the progress of the software upload via command line (it  will show you the "!" as it progress and advise when it's completed).  With ASDM, it doesn't show you any progress, and sometimes you can be  waiting for a long time as advised earlier, so it's better to actually  see the progress of the upload with the "!", instead of just waiting for  it to complete when it's done via ASDM.

I don't  believe there is any sample configuration to upgrade FWSM with ASDM,  however, it is pretty self explainatory via the upgrade management on  the asdm for fwsm.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card