Upgrading the FWSM software is pretty straightforward and well documented.
A user has to be careful though when upgrading from version 2.3 or earlier to 3.1 or later. He has to make sure he is running maintenance partition version 2.1.2 or later.
Check the maintenance partition
To check the version of the maintenance software follow the instructions here
Upgrade the maintenance partition, if necessary following the link.
You can upgrade the application partition from CLI as described here or from the maintenance partition as explained here.
ASDM software can be upgraded following this page .
As far as failover is concerned, the two units have to be running the same major, minor and maintenance release (ie x.y.z). During the upgrade of the pair though you may have different maintenance releases (not maintenance partition releases) (z number)
The user should always keep in mind that in a failover pair upgrade scenario, he should always upgrade and reboot the standby unit. Upgrading to a newer maintenance release can be done hitlessly in an active/standby scenario as long as the standby unit is always rebooted. In other word, one unit has to be made standby, reimaged and rebooted, and vice versa for the other unit. In an active/active case, all contexts have to be failed over to one unit and the other will have to be upgraded and rebooted and vice versa.
Upgrading the maintenance partition software can be done hitlessly by just upgrading the standby unit. Or in an active/active scenario, failing all the contexts to one unit and upgrading the maintenance partition software
In a major or minor release upgrade scenario, both units need to be rebooted with a small time difference (approximately 30secs) after they have been loaded with the new image. So a hitless upgrade is not possible.
Hi Folks, A bit of a weird one. Have deployed IEEE 802.1X on wired network in 'Monitor Mode' with a view towards 'Low Impact' mode later this year. Having some issues at a particular site where certain MITEL 5224 IP Phones are working, whi...
Hello All... I am trying to configure a 5545X ASA to use Interface 0/0 and 0/1 on port-channel 1 I am using ASA Interfaces 0/2-0/5 in port-channel 2 with my various networks in subinterfaces.(with matching vlans) on the port-channel 2. I ha...
Hello, our app samepage.io has been blacklisted and our clients using Cisco are complaining thay cannot access it. We are classified as malware which is wrong. We are a business collaboration platform, have been around for quite a while and we have no mal...
i have recently configured a azure to asa site to site policy base vpn. Devices on the inside subnet can reach azure subnet. But when i try to ping azure subnet from ASA it fails. This makes LDAP authentication to fail since the ASA cant reach the LDAP se...