Upgrading a PIX failover pair

There used to be lengthy instructions in the PIX documentation about the Cisco-blessed way to upgrade a PIX failover pair, but I can't seem to locate that information now in the standard PIX documentation areas (for 6.3, 6.2, 6.1, or 6.0). Maybe I'm just missing something obvious?

Also, the Cisco method I'm talking about was overly complex, IMO, so: does anyone have a methodology that they feel is better? My usual approach has just been to do them one after the other with the other unit powered off, during a downtime window.

This is for an upgrade from 6.3(3) to 6.3(5)...nothing major.

- John

Reply to
John Caruso

Hi,

Yeah I did remember reading that document. I think I just upgraded the primary, then the secondary then just reboot the primary and the secondary about a few seconds after.

Cheers

Matt

Reply to
Matty M

Matt, you have more faith than I do in the quality and backwards compatibility of firmware upgrades. Either that or you have incredibly long maintenance windows if you need to back out the changes.

If the application is as downtime sensitive as the use of a failover PIX implies, I prefer to avoid touching the backup PIX until after the upgrade has been fully verified and passed all short term tests. It is usually much quicker to plug in the half a dozen or so network connections than it is to wait for it to boot up. So I upgrade the flash in the secondary, shut it down and disconnect it from the network, then bring it up with the new OS. The key is to verify that the configuration still looks right (line by line with a saved copy of what it was... you would be amazed at how much changes sometimes), make any fixes which are obvious, then disconnect the primary PIX and put the backup back on the network. Only after testing all critical applications is it time to upgrade the second PIX and put it back on line. Don't forget to make sure that all the tweaks made to the secondary are also made to the primary, and last but not least, test failover to make sure that that didn't get broken (the reason you upgrade the secondary first, otherwise you have to test failover, then failover again when you put the primary back on line). If you do it right, you can keep the service disruptions down to the equivalent of single failover and return to normalcy (two brief service disruptions for normal users, down and back for VPNs).

Yes, it is a little more work. But it is a lot less panic when the upgrade turns out not to be 100% smooth. For a 6.3(3) to 6.3(4) type of upgrade it may be overkill.

Good luck and have fun!

Reply to
Vincent C Jones
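The "line by line with a saved copy" check that Vincent describes is the step most worth automating, because a hand comparison of a few hundred config lines is where a silently dropped or rewritten statement gets missed. The script below is an added example and is not code from the thread or from Cisco: it normalises a saved pre-upgrade `write terminal` copy and the post-upgrade running config, ignores the lines that are expected to differ after an OS change (the `PIX Version` line, the `Cryptochecksum` trailer, and `:`/`!` comment lines; this ignore list is an assumption chosen for illustration), and reports what the upgrade removed or added. The two sample configs are constructed for the example; the missing `access-group` line and the extra `failover poll` line are invented inputs to show what a report looks like, not a claim about what 6.3(5) actually does to a config.

```python
import difflib
import re

# Line prefixes expected to differ between a saved copy and the running config
# after an OS upgrade. Assumption: chosen for illustration, not from Cisco docs.
IGNORED_PREFIXES = ("PIX Version", "Cryptochecksum:", ":", "!")

# Constructed sample: a saved copy taken before the upgrade.
SAVED_CONFIG = """\
: Saved
: Written by enable_15 at 10:00:00.000 UTC Mon Jan 5 2004
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfw
fixup protocol ftp 21
fixup protocol smtp 25
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-group acl_out in interface outside
failover
failover ip address outside 192.0.2.3
failover ip address inside 10.0.0.3
Cryptochecksum:0123456789abcdef0123456789abcdef
"""

# Constructed sample: the running config read back after booting the new OS.
# One line has been dropped and one added purely to exercise the report.
CURRENT_CONFIG = """\
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1   inside security100
hostname pixfw
fixup protocol ftp 21
fixup protocol smtp 25
access-list acl_out permit tcp any host 192.0.2.10 eq www
failover
failover ip address outside 192.0.2.3
failover ip address inside 10.0.0.3
failover poll 15
Cryptochecksum:fedcba9876543210fedcba9876543210
"""


def normalize(config_text):
    """Return the significant config lines, with whitespace collapsed."""
    lines = []
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith(IGNORED_PREFIXES):
            continue
        lines.append(re.sub(r"\s+", " ", stripped))
    return lines


def compare_configs(saved_text, current_text):
    """Compare a saved pre-upgrade config with the post-upgrade running config.

    Returns a dict with the lines that went missing, the lines that appeared,
    and a unified diff (order preserved) for eyeballing the whole change.
    """
    saved = normalize(saved_text)
    current = normalize(current_text)
    saved_set, current_set = set(saved), set(current)
    missing = [line for line in saved if line not in current_set]
    added = [line for line in current if line not in saved_set]
    diff = list(difflib.unified_diff(
        saved, current,
        fromfile="saved-pre-upgrade", tofile="running-post-upgrade",
        lineterm="", n=1))
    return {"missing": missing, "added": added, "diff": diff}


def config_unchanged(saved_text, current_text):
    """True when nothing outside the ignored lines changed."""
    result = compare_configs(saved_text, current_text)
    return not result["missing"] and not result["added"]


def report(saved_text, current_text):
    """Human-readable summary for the maintenance-window checklist."""
    result = compare_configs(saved_text, current_text)
    out = []
    for line in result["missing"]:
        out.append("MISSING after upgrade: " + line)
    for line in result["added"]:
        out.append("ADDED by upgrade:      " + line)
    if not out:
        out.append("Config unchanged apart from ignored lines.")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAVED_CONFIG, CURRENT_CONFIG))
    print("\n".join(compare_configs(SAVED_CONFIG, CURRENT_CONFIG)["diff"]))
```

Run it with the two captures saved to files and read into the two strings; anything under MISSING is a candidate for the "make any fixes which are obvious" step, and anything under ADDED is a default the new OS wrote for you that should be carried over to the primary when it is upgraded in turn.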

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.