07-04-2012 12:27 PM - edited 03-11-2019 04:26 PM
Please advise me the best practice to upgrade FWSM from 4.0(3) to 4.0(17).
aloso let me know if there is any known issue while upgrade.
Thanks in advance,
Shain Bharati CCIE (R&S) #28837
Solved! Go to Solution.
07-06-2012 01:35 PM
Your last posted procedure above is correct. It is a zero downtime upgrade.
07-06-2012 08:22 PM
Yes, you are correct. Minor/maintenance release upgrade is zero downtime upgrade, and the procedure from the documentation listed is correct.
07-05-2012 07:27 AM
You can upgrade version 4.0.3 directly to 4.0.17, and there is no known issue for the upgrade.
Here is the release notes FYI:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html
07-06-2012 12:11 PM
Hi Jennifer,
I have FWSM in failover Active/Standby pair and need to upgrade both for the above said images.
Now the document below suggests, i need to reload the primary first, then reload the secondary unit before the primary comes up. This means there will be downtime of few minutes till the primary comes back up, and i cannot afford this downtime.
http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1064244
Now, i was thinking about, reaload secondary first (to boot the new image), then check if the new image (4.0.17) is working fine, make it Active, verify the connections, and then reload the Primary (so both have new image now). But as per the above document it seems like the failover will break if either one of the FWSM units are running different images (as they have suggested reload both almost simultaneously). Please confirm if this is the case, and what would be your suggestion of upgrading my failover pair without downtime..
Cheers,
Shain Bharati CCIE (R&S) #28837
07-06-2012 12:34 PM
Hi Jennifer,
Seems like i was looking at the wrong section in the doc. My upgrade from 4.0.3 to 4.0.17 is only a maintence release upgrade and not major or minor upgrade. So that means i can reload the secondary first to boot 4.0.17 (while primary is still with 4.0.3), after it comes up, then make it active manully with the command, and then reload the primary to boot the 4.0.17 image, and thereby achieve zerp-downtime upgrade..
http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1057491
Please confirm the above procedure is correct..
Cheers,
Shain Bharati CCIE (R&S) #28837
07-06-2012 01:35 PM
Your last posted procedure above is correct. It is a zero downtime upgrade.
07-06-2012 08:22 PM
Yes, you are correct. Minor/maintenance release upgrade is zero downtime upgrade, and the procedure from the documentation listed is correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide