
Upgrading FWSM 4.0(3) to 4.0(17)

shain bharati
Level 1

Please advise me on the best practice to upgrade FWSM from 4.0(3) to 4.0(17).

Also let me know if there is any known issue during the upgrade.

Thanks in advance,

Shain Bharati CCIE (R&S) #28837       


Jennifer Halim
Cisco Employee

You can upgrade version 4.0.3 directly to 4.0.17, and there is no known issue for the upgrade.

Here are the release notes, FYI:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html

Hi Jennifer,

I have FWSM in a failover Active/Standby pair and need to upgrade both to the above-mentioned image.

Now the document below suggests I need to reload the primary first, then reload the secondary unit before the primary comes up. This means there will be a downtime of a few minutes till the primary comes back up, and I cannot afford this downtime.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1064244

Now, I was thinking about reloading the secondary first (to boot the new image), then checking if the new image (4.0.17) is working fine, making it Active, verifying the connections, and then reloading the Primary (so both have the new image now). But as per the above document it seems like the failover will break if either one of the FWSM units is running a different image (as they have suggested reloading both almost simultaneously). Please confirm if this is the case, and what would be your suggestion for upgrading my failover pair without downtime.

Cheers,

Shain Bharati CCIE (R&S) #28837

Hi Jennifer,

Seems like I was looking at the wrong section in the doc. My upgrade from 4.0.3 to 4.0.17 is only a maintenance release upgrade and not a major or minor upgrade. So that means I can reload the secondary first to boot 4.0.17 (while the primary is still with 4.0.3), after it comes up, then make it active manually with the command, and then reload the primary to boot the 4.0.17 image, and thereby achieve a zero-downtime upgrade.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1057491

Please confirm the above procedure is correct.

Cheers,

Shain Bharati CCIE (R&S) #28837

Your last posted procedure above is correct. It is a zero downtime upgrade.

Yes, you are correct. A minor/maintenance release upgrade is a zero downtime upgrade, and the procedure from the documentation listed is correct.
