05-09-2020 04:05 AM
Our FMC manages 4 ASAs in routing mode. Reading the upgrade guide and watching YouTube videos leads me to believe "nothing" happens to traffic flow during the FMC upgrade. I just want to run the question by the seasoned folks in the trenches before bringing this to our Change Management team.
Thank you all.
-Alan
Solved! Go to Solution.
05-09-2020 07:22 AM
Hi,
It depends, if you are doing cloud lookup for malware (AMP) or user identity firewall this would be impacted if the FMC is down during upgrade. If you not using those features then yes normal traffic flow should be not impacted. No logs will be sent to the FMC whilst it is down
HTH
05-09-2020 07:22 AM
Hi,
It depends, if you are doing cloud lookup for malware (AMP) or user identity firewall this would be impacted if the FMC is down during upgrade. If you not using those features then yes normal traffic flow should be not impacted. No logs will be sent to the FMC whilst it is down
HTH
05-09-2020 07:46 PM
In addition to what @Rob Ingram correctly noted, one of the post-upgrade tasks is to redeploy policy to your managed devices.
During that policy deployment there may be brief interruptions of flow through Firepower service modules while Snort restarts. If your ASA's are set to "fail-open" during module failure it won't affect end user traffic, only traffic inspection.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide