Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
739
Views
0
Helpful
1
Replies

upgrade asa firepower module

Go to solution
georgezptl
Level 1
Level 1

‎09-13-2018 07:13 AM - edited ‎03-12-2019 04:10 AM

If you upgrade the firepower service module while not redirecting traffic to it with the service policy, when it restarts will you get dropped packets?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ajay Saini
Level 7
Level 7

‎09-13-2018 10:16 AM

Well, if you are not sending any traffic to firepower module from the ASA, then no impact will be there on traffic due to any activity on firepower module including a reboot on the module. So, in short no dropped packets if no traffic is redirected.

 

Infact this is a recommended action to either have 'fail-open' action set in policy created for Firepower on ASA or remove the redirect policy while doing any maintenance on the Firepower.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html

 

HTH
AJ

 

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Ajay Saini
Level 7
Level 7

‎09-13-2018 10:16 AM

Well, if you are not sending any traffic to firepower module from the ASA, then no impact will be there on traffic due to any activity on firepower module including a reboot on the module. So, in short no dropped packets if no traffic is redirected.

 

Infact this is a recommended action to either have 'fail-open' action set in policy created for Firepower on ASA or remove the redirect policy while doing any maintenance on the Firepower.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html

 

HTH
AJ

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top