Solved: What's the average amount of time to upgrade firmware on Cisco ASA5508-X?

gamoore · ‎06-25-2018

I need to do a firmware upgrade on my ASA5508 before upgrading the OS to 9.9(2) and was wondering how much time it will add to the upgrade process?

Rahul Govindan · ‎06-29-2018

Ok, thats the ROMMON version. Upgrading that also should not take too long. Steps are here:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/general/asa-99-general-config/admin-swconfig.html#task_90917D0EBAC2427487F6F51D21ABC235

Also check the release notes before updating ROMMON. As per the release notes for 9.9 (https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/release/notes/asarn99.html), if the ASA runs FTD, the new 1.1.12 ROMMON version is not supported.

New ROMMON Version 1.1.12 for the ASA 5506-X, 5508-X, and 5516-X—We recommend that you upgrade your ROMMON for several crucial fixes. See https://www.cisco.com/go/asa-firepower-sw, choose your model > ASA Rommon Software > 1.1.12. Refer to the release notes on the software download page for more information. To upgrade the ROMMON, see Upgrade the ROMMON Image (ASA 5506-X, 5508-X, and 5516-X). Note that the ASA running Firepower Threat Defense does not yet support upgrading to this ROMMON version; you can, however, successfully upgrade it in ASA and then reimage to Firepower Threat Defense.

View solution in original post

Rahul Govindan · ‎06-25-2018

Upgrading the ASA version is usually a simple process of changing the boot variable and reloading. Different hardware versions take different times, but in my experience its usually not more than 10 minutes for the whole process. You may want to look at the release notes of the final version that you want to be in and see how many such upgrades you have to do to get there.

johnlloyd_13 · ‎06-26-2018

i agree. it usually takes between 5-10 mins.

also depending how big is your config.

gamoore · ‎06-28-2018

Hi Rahul,

Thanks for your response. I was not talking about an OS upgrade, I was talking about the firmware as displayed with the "show module 1" command.

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 a46c.2a99.fec2 to a46c.2a99.fecb 1.0 1.1.8 9.9(2)

Rahul Govindan · ‎06-29-2018

Ok, thats the ROMMON version. Upgrading that also should not take too long. Steps are here:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/general/asa-99-general-config/admin-swconfig.html#task_90917D0EBAC2427487F6F51D21ABC235

Also check the release notes before updating ROMMON. As per the release notes for 9.9 (https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/release/notes/asarn99.html), if the ASA runs FTD, the new 1.1.12 ROMMON version is not supported.

New ROMMON Version 1.1.12 for the ASA 5506-X, 5508-X, and 5516-X—We recommend that you upgrade your ROMMON for several crucial fixes. See https://www.cisco.com/go/asa-firepower-sw, choose your model > ASA Rommon Software > 1.1.12. Refer to the release notes on the software download page for more information. To upgrade the ROMMON, see Upgrade the ROMMON Image (ASA 5506-X, 5508-X, and 5516-X). Note that the ASA running Firepower Threat Defense does not yet support upgrading to this ROMMON version; you can, however, successfully upgrade it in ASA and then reimage to Firepower Threat Defense.