cfan73
asked on
Cisco firmware/IOS upgrade recommendations
A customer approached us today, willing to spend annual funds on "keeping their equipment up-to-date" - this equipment includes several Cisco switches and a couple ASA firewalls.
Broad topic, but I've never been concerned about "firmware" upgrades on Cisco gear - it's always been about the IOS revisions. Given that, I've run into several occasions where upgrading the main OS (especially for ASA firewalls) has produced more pain than expected.
How would you react to this request? I'm not sure I believe that a customer request to "keep everything current" (the latest of everything) is a good idea in the Cisco realm. Plus, is there really any reason to upgrade the firmware of the devices (as opposed to just the OS versions)?
Open discussion here, and thanks!
Broad topic, but I've never been concerned about "firmware" upgrades on Cisco gear - it's always been about the IOS revisions. Given that, I've run into several occasions where upgrading the main OS (especially for ASA firewalls) has produced more pain than expected.
How would you react to this request? I'm not sure I believe that a customer request to "keep everything current" (the latest of everything) is a good idea in the Cisco realm. Plus, is there really any reason to upgrade the firmware of the devices (as opposed to just the OS versions)?
Open discussion here, and thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the feedback, guys - a couple follow up questions and I'll award points:
1) I understand about the "blind upgrade" thing - makes sense. (If you're not having problems, why upgrade?) Having said that, if I wanted to examine the IOS currently running on my system to see if there are any known vulnerabilities with it (thus warranting an upgrade), is there a Cisco link that would point this out and provide a recommended "safe" upgrade to replace it with?
2) Plus, have either of you ever seen something concerned with upgrading the FIRMWARE of a Cisco device for any reason, as opposed to just the IOS?
Thanks again
1) I understand about the "blind upgrade" thing - makes sense. (If you're not having problems, why upgrade?) Having said that, if I wanted to examine the IOS currently running on my system to see if there are any known vulnerabilities with it (thus warranting an upgrade), is there a Cisco link that would point this out and provide a recommended "safe" upgrade to replace it with?
2) Plus, have either of you ever seen something concerned with upgrading the FIRMWARE of a Cisco device for any reason, as opposed to just the IOS?
Thanks again
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I recommend to only upgrade the IOS when there is a bug that affects the current operations or a feature is required that is only available on a later release.
There is nothing to be gained by blindly upgrading the IOS to the latest version.