Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
215
Views
0
Helpful
1
Replies

PIX 515 Interface Upgrade

csmith
Level 1
Level 1

‎09-08-2004 02:02 PM - edited ‎02-20-2020 11:37 PM

We have a pair of 515 firewalls in a failover configuration (cable not LAN based failover). The firewalls are being upgraded from the current 4 port ethernet to 6 ports - two single ethernet NIC's are being removed and replaced with the 4FE on each firewall.

If the secondary firewall is upgraded first then returned to service, will redundancy function correctly between the two devices? There will be an obvious hardware mismatch when it is initially returned (secondary with 6 interfaces, primary with 4) - the secondary would then be made active, and the primary firewall upgraded.

The (obvious) goal is to minimize downtime by failing active firewall over to the running PIX while the upgrade occurs.

Thanks

C. Smith

0 Helpful
1 Reply 1

nkhawaja
Cisco Employee
Cisco Employee

‎09-08-2004 02:21 PM

in your scenario, there is a downtime. You better have some maintenance window available first.

Here is the sequence.

failover to secondary.

power off primary, upgrade the hardware.

plug in all the necessary cabled

power on the primary, you should console access, as soon as the primary comes up (not 100% online yet), you powerdown the secondary.

upgrade the secondary.

There is a downtime when primary is coming up and secondary is going down. But it should be 30 seconds or less.

Thanks

Nadeem

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card