
Upgrading an HA FTD pair

arisgiannakopoulos
Frequent Visitor

Hello,

 

In the ASA world, when you had to upgrade a failover pair, you would upgrade the Standby unit. Once the upgrade is complete and everything looks fine in the "show failover" command, you would fail over to that unit, do all your testing and, if everything is successful, upgrade the remaining unit.

 

In the FTD world (I am referring to FTDs managed by an FMC and not running FDM), when you upgrade a failover pair of FTDs you no longer have the option to actually test everything out after the first unit gets upgraded, takes over the active role and BEFORE upgrading the remaining unit. So if during testing of the new OS you find that many things are broken, you don't have a quick back out (the second unit upgrade starts right after the first unit upgrade finishes).

 

My question is whether there is a way to "pause" the upgrade once you finish the upgrade of the first unit.

Thank you

1 Accepted Solution


Marvin Rhoads
Hall of Fame

No, you cannot pause the HA upgrade (short of some drastic and unsupported CLI surgery).

 

It may change in future releases but that's the state of things as of 6.2.3.5.

Hi Marvin,

 

Thank you for the reply.

 

I hope that in a future release they will introduce a timer that you can leverage in order to have some time to do some thorough testing before upgrading the next unit. As it stands right now, if your network is broken because of the upgrade, you don't have a quick rollback, as downgrading a unit takes the same amount of time as the upgrade.

I agree - even simple policy deployments can take 6-7 minutes (if not longer). Break something with your policy change and you're looking at having to wait that long again to redeploy before it's fixed.

 

Cisco really needs to address that issue.
