• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2753
  • Last Modified:

Cisco ASA 5520 Firmware Upgrade Path

Hello,
I am currently running two Cisco ASA 5520's in an active/passive failover pair.  We are currently running version 8.0.2 of the firmware and would like to upgrade to the newest version.
I have two questions: 1) Should I upgrade all the way to 8.4.1 or go with a pre-8.3 version of 8.2.4? And why?
2) Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?

Uptime is of great importance.  We can't have more than a few minutes of downtime and ensuring that things work smoothly when the firewalls are on the new firmware is very important.

If there is any other information you feel is important when trying to make this decision, please feel free to ask me.

Thanks,
Danny
0
dbeutler
Asked:
dbeutler
  • 2
1 Solution
 
jmeggersSr. Network and Security EngineerCommented:
There are major changes in the way NAT is handled in 8.3 and later code.  My suggestion would be to go to 8.2.4 code for the time being.  At whatever point you are seriously considering going to 8.3 or later, you'll probably want to either do some significant lab testing to understand how it works, or you'll want to schedule maintenance windows to have time to do the upgrade, test, etc., and be prepared to downgrade back to 8.2.4 if it's not performing the way you need it to.
0
 
Istvan KalmarHead of IT Security Division Commented:
Hi,

I also recommend 8.2.4, if the uptime is important, because there is same migration problem with the newer images! First of all I advise to upgrade your memory to 2Gbyte:

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html

0
 
dbeutlerAuthor Commented:
Hey Guys,
I have purchased the 2GB memory upgrade for both ASA's.  It seems like the suggestion is to go with 8.2.4.  The remaining question is: Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?
Please keep in mind that I want this to be as close to a zero-downtime upgrade as possible.

Thanks,
Danny
0
 
jmeggersSr. Network and Security EngineerCommented:
You should be able to upgrade directly to 8.2.4, you don't need to do each minor revision.  If you were going to 8.4, I would probably suggest going to 8.3 first since there are significant changes, then making the jump up to 8.4.  But unless there's a feature in 8.3 that you really need, I would stick with 8.2 for now.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now