Solved: Re: Procedure to upgrade OS on Failover pix

philg · ‎01-20-2005

I have the task of upgradeing a couple of pix 515 firewalls in failover mode from OS version 5.1 to 6.3X. I have looked for a best practice procedure for this but have not found one.

Here is what I am thinking:

1. shut down primary, let secondary take over

2. upgrade primary while offline

3. bring original primary back online with new OS

4. shut down original secondary

5. upgrade original secondary while offline

6. bring original secondary back online with new OS

7. Complete

8. Go home early

Does anyone have a better plan?

Thanks in advance

msdesai · ‎01-20-2005

Hi

Please refer to below link: (Upgrading PIX Devices in a Failover Set with Minimal Downtime)

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml#failover

Hope this helps,

MD

View solution in original post

davecs · ‎01-20-2005

please be aware that step number 3 will cause all your tcp sessions to drop as 2nd wont sync to 1st - due to code mismatch.

View solution in original post

msdesai · ‎01-20-2005

Hi

Please refer to below link: (Upgrading PIX Devices in a Failover Set with Minimal Downtime)

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml#failover

Hope this helps,

MD

philg · ‎01-22-2005

Nice link. Thanks very much.

davecs · ‎01-20-2005

please be aware that step number 3 will cause all your tcp sessions to drop as 2nd wont sync to 1st - due to code mismatch.

philg · ‎01-22-2005

Good point, I'll bring that up to my customer.