Solved

Cisco ASA 5520 Firmware Upgrade Path

Posted on 2011-02-28
4
2,631 Views
Last Modified: 2012-08-13
Hello,
I am currently running two Cisco ASA 5520's in an active/passive failover pair.  We are currently running version 8.0.2 of the firmware and would like to upgrade to the newest version.
I have two questions: 1) Should I upgrade all the way to 8.4.1 or go with a pre-8.3 version of 8.2.4? And why?
2) Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?

Uptime is of great importance.  We can't have more than a few minutes of downtime and ensuring that things work smoothly when the firewalls are on the new firmware is very important.

If there is any other information you feel is important when trying to make this decision, please feel free to ask me.

Thanks,
Danny
0
Comment
Question by:dbeutler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 35000262
There are major changes in the way NAT is handled in 8.3 and later code.  My suggestion would be to go to 8.2.4 code for the time being.  At whatever point you are seriously considering going to 8.3 or later, you'll probably want to either do some significant lab testing to understand how it works, or you'll want to schedule maintenance windows to have time to do the upgrade, test, etc., and be prepared to downgrade back to 8.2.4 if it's not performing the way you need it to.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35000805
Hi,

I also recommend 8.2.4, if the uptime is important, because there is same migration problem with the newer images! First of all I advise to upgrade your memory to 2Gbyte:

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html

0
 

Author Comment

by:dbeutler
ID: 35037852
Hey Guys,
I have purchased the 2GB memory upgrade for both ASA's.  It seems like the suggestion is to go with 8.2.4.  The remaining question is: Should I upgrade all-in-one (i.e. from 8.0.2 to 8.4.1) or one minor revision at a time (i.e. 8.0.2 to 8.0.5 to 8.2.4 etc.)?
Please keep in mind that I want this to be as close to a zero-downtime upgrade as possible.

Thanks,
Danny
0
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 35068932
You should be able to upgrade directly to 8.2.4, you don't need to do each minor revision.  If you were going to 8.4, I would probably suggest going to 8.3 first since there are significant changes, then making the jump up to 8.4.  But unless there's a feature in 8.3 that you really need, I would stick with 8.2 for now.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2012 R2 HP Proliant 110 Gen9 multiple vlans on one NIC? 11 95
connect to cisco 2690 series 6 69
port forwarding 2 68
vpn through Cisco ASA appliance 3 26
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question