HA and Cluster Upgrade Workflow
Cisco Secure Firewall HA and Cluster Upgrade Workflow
Introduction
Cisco Secure Firewall introduces an improved upgrade workflow for clusters and high-availability (HA) devices. The upgrade wizard displays cluster and high-availability units as groups, rather than as individual devices. You can specify the upgrade order of the data units in a cluster; the control unit always gets upgraded last. This guide reviews the steps for upgrading an HA firewall pair using the new workflow.
In this guide, the Secure Firewall Management Center (FMC) is at Release 7.2, and the devices are on Release 7.1 and will be upgraded to 7.1.0.1-28. However, the workflow and steps to upgrade any firewall device remain the same.
Configuration
Step 1: Log in to Cisco Secure Firewall Management Center (FMC), navigate to Devices > Device Management, and select the checkbox for the HA pair. Click Select Action and then click Upgrade Firepower Software.
Note
Alternatively, you may navigate by clicking Devices and then clicking Device Upgrade.
Step 2: Click Select a version and choose the version to upgrade to.
Note
If the upgrade package is not present, you will need to upload it by clicking System (the gear icon in the upper right corner of FMC) and then clicking Updates.
Step 3: Click Copy Upgrade Package and click Continue.
Step 4 (optional): You can monitor the file copy progress from Tasks.
Step 5: Once the Warning sign changes to a Green tick, click Next.
Step 6: Click Run Readiness Check and click Continue.
Step 7 (optional): You can check the status of the Readiness Check by going to Tasks.
Step 8: Once the readiness check completes successfully, select Next.
Note
In an HA pair, the secondary unit always upgrades first. In a cluster, the upgrade order can be changed for the data units; the control unit always upgrades last.
Step 9: Click Start Upgrade and then click Upgrade.
Step 10: Click Finish to complete the wizard.
Step 11 (optional): You can check the status of the upgrade by going to Tasks.
Verification
Step 1: Navigate to Devices and click Device Management. Both HA units should show the version you upgraded to.
Step 2: Log in to both devices via SSH, using the management IP of the respective device, and run the command show version to verify that the version matches the FMC UI.
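The comparison in Step 2 can be scripted once the show version output of each unit has been saved. The following Python is an added example, not part of the Cisco guide: it assumes the version appears on the Model line as "Version x.y.z (Build n)", and the sample captures, hostnames and function names are constructed for illustration.

```python
import re

# Assumed layout of the Model line in FTD `show version` output:
#   Model : <platform> Version 7.1.0.1 (Build 28)
VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)\s+\(Build\s+(\d+)\)")

def parse_show_version(output):
    """Return 'version-build' (e.g. '7.1.0.1-28'), or None if not found."""
    for line in output.splitlines():
        if line.strip().startswith("Model"):
            m = VERSION_RE.search(line)
            if m:
                return f"{m.group(1)}-{m.group(2)}"
    return None

def check_ha_pair(outputs, target):
    """Compare each unit's parsed version with the upgrade target.

    outputs: dict of unit name -> captured `show version` text.
    Returns a dict of unit name -> problem; an empty dict means all match.
    """
    problems = {}
    for unit, text in outputs.items():
        found = parse_show_version(text)
        if found is None:
            problems[unit] = "no version line found in output"
        elif found != target:
            problems[unit] = f"running {found}, expected {target}"
    return problems

# Constructed sample captures (hostnames, model string and UUID are made up).
PRIMARY = """\
-------------------[ ftd-ha-1 ]--------------------
Model                     : Cisco Firepower Threat Defense for VMware (75) Version 7.1.0.1 (Build 28)
UUID                      : 00000000-0000-0000-0000-000000000001
VDB version               : 000
----------------------------------------------------
"""
# A unit that was not upgraded still reports the old release.
SECONDARY_STALE = PRIMARY.replace("ftd-ha-1", "ftd-ha-2").replace(
    "Version 7.1.0.1 (Build 28)", "Version 7.1.0 (Build 90)")

if __name__ == "__main__":
    target = "7.1.0.1-28"  # upgrade target named in this guide
    result = check_ha_pair({"primary": PRIMARY, "secondary": SECONDARY_STALE}, target)
    for unit, problem in result.items():
        print(f"{unit}: {problem}")
    print("OK" if not result else "MISMATCH")
```

A unit whose output cannot be parsed is reported as a problem rather than skipped, so a failed SSH capture is not mistaken for a successful upgrade.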
Summary
This document provided an overview of the Cisco Secure Firewall HA upgrade to help administrators use the new wizard to apply upgrades.