cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

297
Views
5
Helpful
1
Replies
Highlighted
Beginner

upgrade Rommon ASA 5508-X Active-Standby firewalls

Hi,

 

I wanted to upgrade Rommon of my ASA 5508-X Active-Standby firewalls to fix this CSC :

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246

 

In the doc we speak about 15~20 minutes downtime My question is, are we going to get 15~20 minutes even if we have Active-Standby model ?

 

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Re: upgrade Rommon ASA 5508-X Active-Standby firewalls

If you have an Active-Standby High Availability (HA) pair then you can do the rommon upgrade with no downtime.

First upgrade the secondary unit (or whichever is currently in Standby role). Once it has rebooted and "show failover" indicates it is "Standby-Ready" once again you should make it the active unit ("failover active").

Then verify the failover roles have switched and that the secondary unit is Active.

Repeat the process on the primary unit (which should be in Standby role at this point).

View solution in original post

1 REPLY 1
Highlighted
Hall of Fame Guru

Re: upgrade Rommon ASA 5508-X Active-Standby firewalls

If you have an Active-Standby High Availability (HA) pair then you can do the rommon upgrade with no downtime.

First upgrade the secondary unit (or whichever is currently in Standby role). Once it has rebooted and "show failover" indicates it is "Standby-Ready" once again you should make it the active unit ("failover active").

Then verify the failover roles have switched and that the secondary unit is Active.

Repeat the process on the primary unit (which should be in Standby role at this point).

View solution in original post