• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 395
  • Last Modified:

upgrade the ASAs running failover

hi experts
i have 2 ASA which they are running failover, everything is fine.
currently i want upgrade the software of them, i already copy new "BIN" file to both, so what is the next we should do?
i mean can i reboot it one by one without service down ? and what the detail steps?

thanks
0
beardog1113
Asked:
beardog1113
  • 7
  • 5
1 Solution
 
btassureCommented:
From Cisco:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1053398

tl;dr upgrade the fialover, fail it over, upgrade primary and fail it back.
0
 
bgoeringCommented:
Take a look at this EE thread: http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_25008732.html

Pretty much the same question solved there

Good Luck
0
 
beardog1113Author Commented:
hi btassure
whats your mena tl and dr you mentioned ?

thanks
0
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

 
beardog1113Author Commented:
hi bgoering
does there is a way not causing down time for the upgrade?

thanks
0
 
bgoeringCommented:
I would think that would depend on the type of upgrade. If you or going across major version like 7.x to 8.x I would probably allow for a short down time. Minor versions like 8.1 to 8.2 you should be able to just upgrade a node, fail to the new node, upgrade the remaining node and fail back if desired.

When in doubt look at the release notes - they typically will tell you. What version are you going to? What is the old version?
0
 
bgoeringCommented:
I would probably make an exception to my "rule of thumb" above. 8.x to 8.3 requires a significant migration of the configuration. I would try to get some downtime for that also just in case.
0
 
bgoeringCommented:
that link that btassure posted above covers the rules pretty well as well as the procedure (I was just working from memory).
0
 
beardog1113Author Commented:
i want upgrade from 8.2(1) to 8.2(2)4, seem it like as your said minor version.

right ?
0
 
bgoeringCommented:
Yes that should be a trivial upgrade. The number in parenthisis is a maintenance release... you appear to be statying with in the same major "8" and minor "2" and just upgrade maintenance level from (1) to (4).

 In your case it would be a simple as

1. Upgrade the secondary
2. Fail primary over to secondary
3. Upgrade the primary
4. Fail back if desired
0
 
beardog1113Author Commented:
hi bgoering
first sorry for late response
does your steps more detail as below ?
1. upgrade the secondary
2. restart secondary
3. fail primary over to secondary( could you let me know what the command is ?)
4. upgrade the primary
5.restart primary
6. fail back

and that will not causing service down, right ?

thanks
0
 
bgoeringCommented:
Yes, that would be the steps. for (3) log onto the secondary and issue command

fail active

that will make it active, same thing for step (60 except you log on to primary.

Try "fail ?" for more options
0
 
bgoeringCommented:
Assuming you have set up a link between them for state information then there will be absolutly no downtime. If you haven't set up that link then connections in flight will be reset - often this is handled transparently by the application with a retry or retransmit, but some applications may be affected.
0
 
beardog1113Author Commented:
perfect
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now