01-06-2014 09:07 AM - edited 03-11-2019 08:25 PM
Good morning guys
I need to upgrade a FWSM from version 4.1(6) to 4.1(15). I understand this procedure as mantaining the same major and minor version, only changing the maintenance release.
I found some articles and discussions regarding caution upgrading with different minor and major versions.
I have never upgraded FWSM only ASA appliances. I need to perform this aiming zero-downtime, the same way I could perform with ASA appliances.
I could not find where is the actual system image (it doesnt appear with dir command). Even I could not find something like boot in configuration.
That modules work in active-standby and have many contexts.
Anyone have the detailed procedures, recommendations, commands to perform this task?...This environment is very critical.
Regards
Christian
01-09-2014 12:33 PM
Hi Christian,
As you say, the major and minor release will remain the same. It will only change the maintenance release so zero downtime is possible.
I would recommend the following:
1. load the image on both FWSM flash.
2. Save configuration
3. Reload Standby unit.
4. Standby Unit should come up with the 4.1.15 version. Failover will not break and it should still be the standby unit.
5. Reload Active Unit. This will force traffic to go through the former Standby Unit, making it active.
6. Unit will come up as Standby with the 4.1.15.
I hope it helps.
regards,
Itzcoatl
01-09-2014 02:58 PM
Agree with Itzcoatl, Zero downtime is possible. Zero downtime was a problem with Old versions 2.x/3.1. But Starting from 3.2 onwards its posible. A Doc Bug was filed to correct the documentation CSCtr63007.
Dinkar
01-10-2014 05:31 AM
Good Morning Gentlemen
Thanks for your help. It has been very useful.
Based on your answers, I have some detailed doubts to proceed to the implementation.
1 - Could I upload the new image both in primary/active and secondary/standby FWSM?...I red something about have to perform failover to upload the image in secondary device.
2 - Should I rename the images (software and ASDM) uploaded to Flash:?...Until now I have former files named ASDM and IMAGE in flash.
3 - How can I set the boot image in configuration, like I do usually in ASA?...Only do I have to reboot the firewall and the device fits itself?
I'm worried about having any kind of impact
Regards and thanks to your help
Christian
01-10-2014 06:32 AM
Hi Christian,
Here are my answers:
1. You can do it either way. There is no problem as failover wont break.
2. There is no need to rename the images. The FWSM flash has a predefined space for the ASDM and for the FWSM software image.
3. There is no boot option on the FWSM. You can only have one ASDM and FWSM image on flash at a time. When you upload the image it will over write it and will take affect after the reload.
NOTE: For the ASDM image there is no need to reload the FWSM.
Thanks,
Itzcoatl
01-10-2014 07:08 AM
It's clearer now
In device flash I found:
Directory of flash:/
2      -rw-  12747700    
1      -rw-  6423040     
3      -rw-  14720       
Putting the .bin file in root the device will automatically substitute the former file (image, no extension) in image directory, after reboot?
01-10-2014 12:33 PM
Hi Christian,
That is correct
The commands to copy each image are:
copy tftp flash:image
and
copy tftp flash:asdm
regards,
Itzcoatl
02-04-2014 04:44 AM
Hello.
Today I have found that new release available - FWSM 4.1(16), but there is no Release Notes for this minor release!
Download link:
Release notes link:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/release/notes/fwsmrn41.html
There are no 4.1(16) mentioned. Anybody knows what difference between 4.1(15) and 4.1(16)?
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide