Solved: Upgrade FMC 6.1 - 6.4 Should I Expect Traffic Interruption During Reboot?

Alan Inman · ‎05-09-2020

Our FMC manages 4 ASAs in routing mode. Reading the upgrade guide and watching YouTube videos leads me to believe "nothing" happens to traffic flow during the FMC upgrade. I just want to run the question by the seasoned folks in the trenches before bringing this to our Change Management team.

Thank you all.

-Alan

Rob Ingram · ‎05-09-2020

Hi,

It depends, if you are doing cloud lookup for malware (AMP) or user identity firewall this would be impacted if the FMC is down during upgrade. If you not using those features then yes normal traffic flow should be not impacted. No logs will be sent to the FMC whilst it is down

HTH

View solution in original post

Rob Ingram · ‎05-09-2020

Hi,

It depends, if you are doing cloud lookup for malware (AMP) or user identity firewall this would be impacted if the FMC is down during upgrade. If you not using those features then yes normal traffic flow should be not impacted. No logs will be sent to the FMC whilst it is down

HTH

Marvin Rhoads · ‎05-09-2020

In addition to what @Rob Ingram correctly noted, one of the post-upgrade tasks is to redeploy policy to your managed devices.

During that policy deployment there may be brief interruptions of flow through Firepower service modules while Snort restarts. If your ASA's are set to "fail-open" during module failure it won't affect end user traffic, only traffic inspection.