7-5. Upgrading Firewalls in Failover Mode
Upgrading the operating system on a single standalone firewall is straightforward. You download a new image to the firewall, save the running configuration, and reload the firewall. Obviously, this should all be done during a scheduled maintenance time in your network, because the reload interrupts network connectivity.
A failover pair of firewalls is slightly more complicated, because both firewalls must be running exactly the same release of code at all times. If the code release differs between the two firewalls, failover is disabled. This causes each firewall to run independently, each thinking that the other has either failed or is incompatible for failover.
Firewall platforms running the FWSM 2.x ...
Get Cisco ASA and PIX Firewall Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
