

I've been tasked with upgrading our ASA 5520 devices. They are currently running ASA 8.2(1) with ASDM 6.2(1). We have ASA 9.0(3) downloaded from Cisco, as well as the latest ASDM to go with it 7.2(1). These are approved by Cisco according to their compatibility matrix, and that's the recommended ASDM for that ASA OS version. I have the guide from Cisco about how to update the firewall ( ), but I want to ensure I update everything in the right order. My thought would be (with F1 being the current active and F2 being the current failover):

I'd like to do this via ASDM, as I'm more comfortable with the GUI, but the guide looks pretty thorough if I had to do an upgrade using the console cable and PuTTY. I'm familiar enough with ASA to get around, edit the rules, and show configuration in ASDM and the command line, just not feeling comfortable on the upgrade process especially with a failover pair adding an extra layer of complexity.

Could someone chime in with a resource that explains the best way to handle a failover pair, or just post the proper order for an upgrade like this? Any tips or tricks for doing these upgrades would also be welcome! Obviously step one is a full backup of the current binaries, and a full config backup, those will definitely be done before attempting any sort of upgrade. I have a set of 5510s that I can practice on beforehand so I won't do the upgrade on production without having done it at least once on a spare set of devices.

EDIT: Added current ASA and ASDM versions as requested by a commenter

You can load up ASDM 7.21 on both units before doing any changes, 7.21 has been stable for me across many ASA versions. NAT is the biggest change, and going from 8.2x to 9.x will require a couple hops to do it safely. Before upgrading, make sure you have good backups, and issue the commands no nat-control and no names (they may already be in your config) - these will help prevent your config from getting hosed during the upgrade. This hop will try to migrate your rules to the new object/NAT syntax automatically. Once you're on 8.3, look over all the config and make sure your ACLs, NATs, objects, etc. are OK, and fix anything that got messed up before proceeding. I like to take screenshots of ACLs/NATs/objects, in addition to the config backup, for easy reference. Then from 8.3 to 8.4 (8.46 I think has worked OK for me).
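The pre-upgrade commands and the post-8.3 review of ACLs and NATs described in the reply can be scripted against saved configs. This is an added example, not part of the original thread: the function names are hypothetical, the config fragments are constructed, and only host `static` statements are handled, so a finding means "look at this by hand", not "this is broken".

```python
import re

# Pre-8.3 host static: "static (real_if,mapped_if) <mapped_ip> <real_ip> ...".
# Port-forward and "interface" statics are outside this sketch.
IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC = re.compile(rf"^static \([^,)]+,[^)]+\) {IP} {IP}")

def preflight(cfg):
    """Commands the reply says to issue before the hop, if still enabled."""
    lines = {l.strip() for l in cfg.splitlines()}
    return [f"no {c}" for c in ("nat-control", "names") if c in lines]

def static_map(cfg):
    """Return {mapped_ip: real_ip} for each host static in the 8.2 config."""
    hits = (STATIC.match(l.strip()) for l in cfg.splitlines())
    return {m.group(1): m.group(2) for m in hits if m}

def review_after_83(pre, post):
    """List items to check by hand once the unit is on 8.3."""
    post_lines = [l.strip() for l in post.splitlines()]
    nat_lines = [l.split() for l in post_lines if l.startswith("nat (")]
    findings = []
    for mapped, real in static_map(pre).items():
        if not any(mapped in toks for toks in nat_lines):
            findings.append(f"no migrated nat for {real} -> {mapped}")
        # From 8.3 on, interface ACLs match the real address, not the mapped one.
        for l in post_lines:
            if l.startswith("access-list ") and mapped in l.split():
                findings.append(f"ACL uses mapped {mapped}, expected {real}: {l}")
    return findings

# Constructed fragments (hypothetical addresses), not configs from the thread.
PRE_82 = """\
names
nat-control
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255
"""
POST_83 = """\
object network obj-192.168.50.10
 host 192.168.50.10
 nat (dmz,outside) static 203.0.113.10
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
"""

if __name__ == "__main__":
    print("before hop:", preflight(PRE_82))
    for item in review_after_83(PRE_82, POST_83):
        print("review:", item)
```

Feed it the text of `show running-config` saved before the hop and again after it; the screenshots and backups mentioned in the reply remain the reference for anything it flags.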
