02-27-2011 09:20 AM - edited 03-11-2019 12:57 PM
Hello,
We have 2 ASA 5520's working in active/standby mode and both have the IPS module installed then 2 firewalls have also been upgraded to have 2GB of memory.
I have been asked if it is worth upgrading to 8.4 from 8.2. There is nothing wrong with our current firmware and if it isn't broken then why change strings to mind, but I also dont wnat to be left behind.
I've upgraded the firmware on the ASA's before, but they have been pretty simple. I do the standby ASA first and wait for it to come up, then do the other. However I think 8.3 and 8.4 are big jumps and have issues with NAT (we have a lot of NAT's and NAT exempts). I have had a quick read of 8.4's document, but has anyone actually upgraded from 8.2 to 8.4?
Thanks
02-27-2011 10:40 AM
Andy,
I personally think that you only need to upgrade to 8.4 if either requiring a new feature of this release or if the current OS has any bugs that need to be fixed (fix might be in 8.4).
So, if the current 8.2 is working fine there's no hurry to upgrade.
Specially that there are major changes for NAT and object-oriented configuration.
I would recommend if possible to get very familiar with the new configuration-style and all changes before upgrading to the new release.
Hope it helps.
Federico.
02-27-2011 11:49 AM
Thanks, do you know if there is a demo of the 8.4 ADSM?
02-28-2011 01:06 AM
Hello Andy,
ASDM 6.4.1 is compatible with ASA 8.4. Here is the download link to the demo version of the same:
Hope this helps. Please reply back if you need any further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
03-12-2011 09:30 PM
Something to note if you can't take downtime:
(taken from the
Cisco ASA 5500 Series Configuration
Guide using the CLI
Software Version 8.4 for the ASA 5505, ASA 5510, ASA 5520, ASA 5540,
ASA 5550, ASA 5580, ASA 5585-X, pg 80-5 & 6)
Minor Release
You can upgrade from a minor release to the next minor release. You
cannot skip a minor release.
For example, you can upgrade from 7.0(1) to 7.1(1). Upgrading from
7.0(1) directly to 7.2(1) is not supported for zero-downtime upgrades;
you must first upgrade to 7.1(1).
Major Release
You can upgrade from the last minor release of the previous version to
the next major release.
For example, you can upgrade from 7.2(1) to 8.0(1), assuming that
7.2(1) is the last minor version in the 7.x release series.
So, you'll have to do an 8.3, and then 8.4 upgrade, unless you can take downtime.
Ken
03-12-2011 10:33 PM
Hello Ken,
Can you please share link on the post? We might have to look into this link.
But you can surely upgrade from any ASA 8.x code to ASA 8.4.
Here are the release notes confirming the same:
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html#wp506348
Downtime is always advisable becuase you might hit bugs or face issues while upgrading but it is surely possible without a downtime. You need to reboot the firewall and that will cause 1-2 mins downtime.
Regards,
Chirag
03-12-2011 10:42 PM
Hi Andy,
As suggested by Chirag, we can upgrade from pre-8.3 Code directly to 8.4, its not necessary to upgrade to 8.3. All we need to take care of are the nat-changes, which is different in 8.3 and 8.4.
Regards,
Akhil
06-07-2011 03:44 AM
Hi Akhil, hi all others,
I wanna do an upgrade from 8.2 to 8.4 without Downtime.
ASA pair is configured with "failover link if_name phy_if"(failover link statelink GigabitEthernet0/2).
Is it sure that all State Information from active unit(8.2) which are mentioned here:
will pass to standby unit(8.4),so that I can do an failover manually without loss of any state informations?
What about the NAT translation table? Is it possible to pass NAT translation table from active unit with old NAT(8.2) to the standby unit with new NAT(8.4) with Stateful Failover?
Regards,
Marcus
03-13-2011 04:44 PM
I'm betting that this section ("System Administration") hasn't been looked at since it was written for 7.x...
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/admin_swconfig.html#wp1285734
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/asa_84_cli_cfg.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide