
Cisco firmware/IOS upgrade recommendations

A customer approached us today, willing to spend annual funds on "keeping their equipment up-to-date" - this equipment includes several Cisco switches and a couple ASA firewalls.

Broad topic, but I've never been concerned about "firmware" upgrades on Cisco gear - it's always been about the IOS revisions. Given that, I've run into several occasions where upgrading the main OS (especially for ASA firewalls) has produced more pain than expected.

How would you react to this request?  I'm not sure I believe that a customer request to "keep everything current" (the latest of everything) is a good idea in the Cisco realm.  Plus, is there really any reason to upgrade the firmware of the devices (as opposed to just the OS versions)?

Open discussion here, and thanks!

Asked by: cfan73

Don Johnston (Instructor) commented:
>How would you react to this request?

I recommend to only upgrade the IOS when there is a bug that affects the current operations or a feature is required that is only available on a later release.

There is nothing to be gained by blindly upgrading the IOS to the latest version.
 
atlas_shuddered (Sr. Network Engineer) commented:
I agree with donj with the caveat that you should inquire with your customer as to the reason driving the decision.  I have worked in environments in the past where it was a customer (my employer's customer that is) requirement that IOS, etc. be no more than two revisions out of date and not be any revision with a known security vulnerability within a utilized feature set.
 
cfan73 (Author) commented:
Thanks for the feedback, guys - a couple follow up questions and I'll award points:

1) I understand about the "blind upgrade" thing - makes sense.  (If you're not having problems, why upgrade?)  Having said that, if I wanted to examine the IOS currently running on my system to see if there are any known vulnerabilities with it (thus warranting an upgrade), is there a Cisco link that would point this out and provide a recommended "safe" upgrade to replace it with?

2) Plus, have either of you ever seen something concerned with upgrading the FIRMWARE of a Cisco device for any reason, as opposed to just the IOS?

Thanks again
 
Don Johnston (Instructor) commented:
1) On the Cisco site, click on "support". Then down the page under "Support Tools" you'll find a link to the "Bug Toolkit". Once there, you can search for bugs by IOS version. This does require a CCO login though.

2) No.