ā11-19-2018 05:23 AM - edited ā03-12-2019 07:05 AM
Hi
We have a pair of ASA in HA, they have source/firepower running on them managed via Firesight management centre FMC.
Am i correct in thinking that within the FMC product update that Cisco Network Sensor Patch is the update for the ASA source/powerfire module?
and
If i choose an update and select the sensor that isn't on the live ASA within the HA pair then click install then it just updates the non live sensor and reboots the non live sensor only? and therefore there is no interruption to service.
Thankyou for your time in looking and hopefully responding.
ā11-19-2018 09:26 AM
Hi @mozmorris1974,
The ASA with Firepower Services module behavior is like the old ASA with IPS module. Both module are acting active/active but the ASA is acting active/standby and the ASA monitors the Firepower module. If the Firepower module reboots, the ASA will failover since it detects that the module goes down unless you configure the following command,
no monitor-interface service-module
You also need to check the compatibility guide whether your existing ASA is compatible to your planned FP version.
In your case, upgrade/update first your standby FP module then re-deploy the config using your FMC to the new version of FP module. Then do a failover of your ASA and then upgrade/update the other FP module then re-deploy the config again using your FMC.
Thanks
ā11-20-2018 01:33 AM - edited ā11-20-2018 01:54 AM
thankyou for the confirmation it is appreciated :)
i'll perform the work on the standby side then look to fail the ASA HA over, so they should be no downtime
thankyou again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide