01-15-2020 02:13 PM
Hello All,
We are going to upgrade our 5585-x from 9.1(2) to 9.8.4(15) due to a cosmetic bug which caused the admin context to show the wrong memory output value which triggered bunch snmp alerts and so we are here.
We have an IPS (SSP-20) which is on but EOL sitting the simply.
What i want to know is two things
1.General procedure when upgrading the IOS is whether to turn OFF the IPS or let it run in the background.
2.Will the new IOS impact the IPS module in any way because we have a plan to maybe install a firepower module.
01-15-2020 02:21 PM
have a look on this document https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html
01-15-2020 02:21 PM
Is this HA or single Box?
either case, suggest upgrading SSP also.(even though both the are independent - but they are linked)
here is the ASA upgrade procedure :
https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html
01-17-2020 11:51 AM
It's an HA but right now the team managing IPS module are not going to do the upgrade to a fire power anytime soon.
Hence why I am asking if upgrading the ASA IOS alone will cause any problem.
Also please let me know if we have to actually IPS module during the whole procedure.
01-17-2020 02:26 PM
Personally we have done many upgrades ASA with IPS modules with right FirePOWER on it.
This looks like a different requirement, there is not necessary to upgrade the SSP module as per the document and i understand.
But there will be downtime while ASA rebooting,
always suggest to take backup config out of the box before upgrade for both ASA and SSP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide