Cisco ASA Firmware Update on Failover Cluster

· by · in

First we need to copy the firmware update and the ASDM on the Units. Please note these are not synced unlike the configuration. With savings via ASDM once again on the active to the passive IP and then upload it via browser, alternatively via CLI and tftp:

hostname# copy tftp://10.1.1.1/asa844-1-k8.bin disk0:/asa844-1-k8.bin 
hostname# copy tftp://10.1.1.1/asdm-649-103.bin disk0:/asdm-649-103.bin

next boot we will use the new firmware:

boot system disk0:/asa844-1-k8.bin 
asdm image disk0:/asdm-649-103.bin

Don’t forget to save!

wr mem

Be sure to be on of the active ASA:

ASA# sh failov state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Standby Ready None
====Configuration State===
Sync Done - STANDBY
====Communication State===
Mac set

This host Primary Active.. nice!

Now, we restart the standby unit:

failover reload-standby

Wait until the replication of the config is done and move  the active role in the cluster to the standby unit(new firmware).

sh failover state
no failover active

Then we restart the new standby unit(still old firmware), by connect us back on the active unit, and then

failover reload-standby

Thats all Folks!

Tags: , , , , , ,