Solved

Cisco ASA 5520 Firmware Upgrade Path

Posted on 2011-02-28
Last Modified: 2012-08-13
Hello,
I am currently running two Cisco ASA 5520s in an active/passive failover pair. We are currently running version 8.0.2 of the firmware and would like to upgrade to the newest version.
I have two questions:
1) Should I upgrade all the way to 8.4.1 or go with a pre-8.3 version of 8.2.4? And why?
2) Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?

Uptime is of great importance.  We can't have more than a few minutes of downtime and ensuring that things work smoothly when the firewalls are on the new firmware is very important.

If there is any other information you feel is important when trying to make this decision, please feel free to ask me.

Thanks,
Danny
0
Question by:dbeutler
 
LVL 18

Expert Comment

by:jmeggers
ID: 35000262
There are major changes in the way NAT is handled in 8.3 and later code.  My suggestion would be to go to 8.2.4 code for the time being.  At whatever point you are seriously considering going to 8.3 or later, you'll probably want to either do some significant lab testing to understand how it works, or you'll want to schedule maintenance windows to have time to do the upgrade, test, etc., and be prepared to downgrade back to 8.2.4 if it's not performing the way you need it to.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35000805
Hi,

I also recommend 8.2.4 if uptime is important, because there are some migration problems with the newer images! First of all, I advise you to upgrade your memory to 2 GB:

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html

0
 

Author Comment

by:dbeutler
ID: 35037852
Hey Guys,
I have purchased the 2GB memory upgrade for both ASAs. It seems like the suggestion is to go with 8.2.4. The remaining question is: Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?
Please keep in mind that I want this to be as close to a zero-downtime upgrade as possible.

Thanks,
Danny
0
 
LVL 18

Accepted Solution

by:jmeggers
ID: 35068932
You should be able to upgrade directly to 8.2.4; you don't need to do each minor revision. If you were going to 8.4, I would probably suggest going to 8.3 first since there are significant changes, then making the jump up to 8.4. But unless there's a feature in 8.3 that you really need, I would stick with 8.2 for now.
0
