Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2897
Views
0
Helpful
10
Replies

upgrading fwsm 6509 from 1.1(3) to 4.x

Go to solution
hustler0002
Level 1
Level 1

‎12-23-2010 08:12 AM - edited ‎03-11-2019 12:27 PM

Hi,

We need to upgrade our fwsm to a more current version, is there any problems I should be aware of in upgrading from our updated version?  Our IT guy left so I'm left to try keep our firewall up to date.  Our sup720 is running ver. 12.2(14r)s9.  I still need to read up on how to upgrade the fwsm so any helpful tips from experience would be helpful.  Commands to use, things to double check, etc. Should I also upgrade the sup720?

TIA

Mike.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
mirober2
Cisco Employee
Cisco Employee

‎12-23-2010 08:49 AM

Hi Mike,

Yes, there are a few interim upgrades you need to do first. Here is the order that you should do it in:

1. Upgrade the application partition from 1.1(3) to 2.3(5)

2. Upgrade the maintenance partition to 2.1(2) or higher

3. Upgrade the supervisor to 12.2(18)SXF2 or higher

4. Upgrade the maintenance partition from 2.3(5) to 4.x

Be sure to save a backup copy of the configuration at each step of the way just to be safe.

Here are a couple of documents that will help with the above steps:

FWSM Upgrade Procedure:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html#wp2070189

Maintenance Partition software downloads:

http://www.cisco.com/cisco/software/release.html?mdfid=282229330&catid=268437717&softwareid=283461948&release=null&relind=null&rellifecycle=null&reltype=null&i=rp

Upgrading the maintenance partition:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html#wp2090797

FWSM 2.x to 4.x Upgrade Notes:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html#wp161551

FWSM 4.x Release Notes:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html

Hope that helps.

-Mike

View solution in original post

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to hustler0002

‎01-10-2011 04:36 PM

Mike,

Like I suggested earlier, pls. open two proactive cases one with the lan switching team and one with the FWSM team for this weekend.

Testing after each upgarde is upto you and depends on whether you have the time.

1. For sup720 code upgrade. I believe you just have to get the code onto the disk

copy tftp disk0:

2. Then set the boot system parameter: Make sure to remove the one present and change it to the new file name.

boot system disk0:

3. Regarding 1.x to 2.3 upgrade we sent you the links earllier.

This is again

copy tftp flash:image

and follow the prompts. Save the config with a "wr mem" and reload

4. Then upgrade the MP on the FWSM to the latest.  You need to boot it into cf:1 in order to do that. You already have the link for that.

5. Once done upgrade from 2.x to 3.x. Again the command is "copy tftp flash:image". Write mem and reload.

6. Then finally do one more to go from 3.x to 4.x "copy tftp flash:image" again.

Good Luck!

-KS

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎12-23-2010 08:43 AM

Wow! You are really running 1.1(3) on the FWSM?

You would have to upgrade the following:

1. FWSM - MP (Maintenance Partition) code

2. Switch - code

3. FWSM - application partition code.

Pls. read here.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html

FWSM documentation: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html

-KS

0 Helpful

Go to solution
mirober2
Cisco Employee
Cisco Employee

‎12-23-2010 08:49 AM

Hi Mike,

Yes, there are a few interim upgrades you need to do first. Here is the order that you should do it in:

1. Upgrade the application partition from 1.1(3) to 2.3(5)

2. Upgrade the maintenance partition to 2.1(2) or higher

3. Upgrade the supervisor to 12.2(18)SXF2 or higher

4. Upgrade the maintenance partition from 2.3(5) to 4.x

Be sure to save a backup copy of the configuration at each step of the way just to be safe.

Here are a couple of documents that will help with the above steps:

FWSM Upgrade Procedure:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html#wp2070189

Maintenance Partition software downloads:

http://www.cisco.com/cisco/software/release.html?mdfid=282229330&catid=268437717&softwareid=283461948&release=null&relind=null&rellifecycle=null&reltype=null&i=rp

Upgrading the maintenance partition:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html#wp2090797

FWSM 2.x to 4.x Upgrade Notes:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html#wp161551

FWSM 4.x Release Notes:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html

Hope that helps.

-Mike

0 Helpful

Go to solution
hustler0002
Level 1
Level 1

‎12-23-2010 09:11 AM

Thanks for the quicks replys and links.  I guess I have a lot of reading to do, but thank you for the help I'll be busy this weekend. I'll keep you posted on my progress and I'll post any other concerns or questions.

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to hustler0002

‎12-23-2010 09:15 AM

Mike,

I truely appreciate the initiative on your part to read.

If you have not upgraded the FWSM code or the switch code in the past it may be a bit much. If you have done it once or twice then, it is piece of cake.

-KS

0 Helpful

Go to solution
hustler0002
Level 1
Level 1

‎12-23-2010 10:00 AM

I was wondering if someone can confirm these are the files I need.

Upgrade the application partition from 1.1(3) to 2.3(5)

I couldn't find version 2.3(5) for the application partition. I could only find 2.3(3.2).

c6svc-fwm-k9.2-3-3-2.bin

Upgrade the maintenance partition from 2.3(5) to 4.x

c6svc-fwm-k9.4-1-3.bin

Upgrade the maintenance partition to 2.1(2) or higher

c6svc-mp.3-4-2.bin.gz

Upgrade the supervisor to 12.2(18)SXF2 or higher

(there was a s3223 and s72033 file also, not sure if I downloaded the right one)

s6523-mp001-pz.122-33.SXH5

thanks.

Mike

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to hustler0002

‎12-23-2010 10:16 AM

I don't see 2.3.5 either. It is fine if you go to 2.3.x

sup 720 code is  s72033-mp001-pz.122-33.SXH5

-KS

0 Helpful

Go to solution
hustler0002
Level 1
Level 1

‎01-10-2011 02:41 PM

I have a few questions,

1. Is there documentation on how to upgrade to s72033-mp001-pz.122-33.SXH5 for the supervisor 720?  I see the documentation for tha application and maintenance partitions.  If not, how do you do it?

2. Also since there is no documentation from upgrading from 1.1 to 2.3, I assume the procedure is the same for 1 to 2.3 as it is for 2.3 to 3.1.  After I do the first upgrade should I test the network to see if everything still works, or should I just continue upgrading the maintenance partition and supervisor?

3. Is there anything else to do besides backup after each step?  Are there any manual conversions of commands that I need to look for?

I tried to read as much as possible, but I'm out of time.  We got one shot at this, this weekend and I can't read through all the upgrade notes from ver 1.1 up to 4.x.  So any last tips would be helpful.

Thanks again for everyone's help. I'll let you know how it went.

Mike.

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to hustler0002

‎01-10-2011 04:36 PM

Mike,

Like I suggested earlier, pls. open two proactive cases one with the lan switching team and one with the FWSM team for this weekend.

Testing after each upgarde is upto you and depends on whether you have the time.

1. For sup720 code upgrade. I believe you just have to get the code onto the disk

copy tftp disk0:

2. Then set the boot system parameter: Make sure to remove the one present and change it to the new file name.

boot system disk0:

3. Regarding 1.x to 2.3 upgrade we sent you the links earllier.

This is again

copy tftp flash:image

and follow the prompts. Save the config with a "wr mem" and reload

4. Then upgrade the MP on the FWSM to the latest.  You need to boot it into cf:1 in order to do that. You already have the link for that.

5. Once done upgrade from 2.x to 3.x. Again the command is "copy tftp flash:image". Write mem and reload.

6. Then finally do one more to go from 3.x to 4.x "copy tftp flash:image" again.

Good Luck!

-KS

0 Helpful

Go to solution
hustler0002
Level 1
Level 1
In response to Kureli Sankar

‎01-24-2011 07:22 AM

Thanks for your help.  I did what you suggested and opened a WAN/LAN discussion and found out the upgrade for the SUP720 needed these 3 files:

IOS image for SUP720 MSFC3 - s72033-adventerprisek9_wan-mz.122-33.SXH8.bin

IOS Bootloader - s72033-boot-mz.122-33.SXH8.bin

ROMMON for 6500 series line cards - c2lc-rm2.srec.122-18r.S1

and I also need to add a 512MB Compact Flash Card for Disk0: to have enough space to load these files.  We had to delay the upgrade but hopefully now I have all the pieces to upgrade all the units.

The other file s72033-mp001-pz.122-33.SXH5 is a L2 only image and I guess is OK for upgrading if you have a certain configuration. But wasn't the right one for my configuration.

Hope this post helps others with their upgrades.

Discussion link for Sup 720:

https://supportforums.cisco.com/message/3276389

Mike

Message was edited by: Mike Lee

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎01-24-2011 07:35 AM

Mike,

Thanks for writing back to let us all know. Would appritiate if you can include the WAN/LAN discussion link here.

There is no way I could have told you about the 3 files that you needed.

Good luck.

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card