FWSM OS upgrade in Active/Active mode

Hi All,
Can you please share me the procedure to upgrade FWSM in Active/Active mode with minimum downtime.
Regards,
Ajith

The procedure is documented in the configuration guide here.

Similar Messages

To apply license in FWSM (Active-Active mode) and disable failover

Dear Team
I want to apply license to increase security context in FWSM which is running in Active-Active mode on VSS Core switches
As per below document, first we need to disable failover by entering 'no failover' command on active FWSM and then apply the license seperately on both FWSM.
I just want to know when i will disable the failover then standby move to pseudo-standby state.
Will there be any services impact which are running behind the FWSM when disbaling the failover and then re-enabling the failover.
http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg/swcnfg_f.html#wp1073226
Appreciate your response.

Hi,
I think in your case as it is Active/Active , there is one extra step required.
You need to make all the contexts active on one unit and on the other one all should be standby.
Then disable the failover and update the license and re-enable the failover.
Thanks and Regards,
Vibhor Amrodia

FWSM 4.0: switch from active/standby to active/active failover mode

Hello,
I have a pair of FWSM's running version 4.0 currently in active/standby failover mode, and I'd like to switch them to be active/active. Is there a documented procedure for doing this? What are the implications for any contexts switched to be primary on the FWSM that is currently acting as a standby (i.e., what kind of outage time can we expect)?
Thanks in advance,
Mike

Hi Bro
Thanks for the update, but still you'll need to create 2 contexts, each context will be ACTIVE on different Cisco ASA FW units. Hence, there will be some cut, copy and paste effort, not forgetting recabling, if that's needed. Here's a Cisco document to configure ACTIVE/ACTIVE for those who can't seem to find this document http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req
Conclusion: There will be some network downtime. I'm guessing 15min, if it was me :-)
P/S: If you think this comment is helpful, please do rate it nicely :-)

Can't change activation only mode to off using the command line in Windows 7 64 bit

I used the command line to turn activation only mode on and now when I use teh command to turn it off it will not change the iTunes setup. I am on Windows 7 64 bit. I tried uninstalling itunes and reinstalling and it is stillin activation only mode.

Hi! Thx for your quick reply! I am still unsure what to do tho---see my questions below in bold:
Windows 7 comes with its own version of the standard PostScript driver. = Where is this driver? I have no idea how to find it, it doesn't show up in my Printer menu in FM?
Given that PostScript generated by a driver can be highly device-specific, you need to install the driver as modified by the PPD file for the device in question. Most printer manufacturers in fact provide a PostScript driver installer that associates their printer's PPD file with the standard Windows Printer driver and subsequently creates what is called a PostScript printer driver instance for the particular device on the I/O port you designate. = ??? I've only updated a PPD file for watermarks and have no idea what this means...is there a step-by-step instruction for this? I just need to download a PS driver to select that works & doesn't freeze up my FM when creating a .ps file.
The real question thus is exactly what are you trying to generate PostScript for? = I create a PS, & then use Distiller to create a PDF. This enables me to have a PDF that automatically has Bookmarks, the TOC/LOF/LOT & all corss-refs are hyperlinked, etc.
If you are trying to create PostScript for distillation into PDF, Acrobat installs a PostScript driver instance of its own, labelled Adobe PDF, that is associated with the Acrobat Distiller PPD. = I have tried the Adobe PDF selection from my Printer menu in FM, but it freezes up FM and I have to close the whole program & no PDF generates.
BTW, although you may be successful in installing and running FrameMaker 8 on Windows 7, in fact Adobe officially does not support FrameMaker 8 on Windows 7. = I don't know what to say---the upgrade is too expensive for some of us folks out here right now, so we all need to work with what we have for now!
I appreciate your help, thank you.

Upgrading ACE , redundant active-active context

Hi,
We have 2 ACE's running in our network, and we would like to upgrade the ACE software.
To minimize any disruption to existing network traffic during a software upgrade or downgrade, deploy your ACE modules in a redundant configuration. For details about redundancy, see Chapter 7, Configuring Redundant ACE Modules. The following steps provide an overview on upgrading a redundant configuration used in conjunction with the procedures in this appendix:
1. Upgrade the active module first.
2. Reboot the active ACE after the software installation. When you reboot the active ACE, it fails over to the standby module and existing traffic continues without interruption.
3. Upgrade the new active module.
4. Reload the active ACE after the redundant module is up and the high availability (HA) state is hot. A similar failover occurs when you reboot this ACE and once again the existing traffic continues. The original active ACE is active once again.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/upgrade.html
This section describes the methods and CLI commands that you can use to troubleshoot redundancy issues in your ACE.
1. Ensure that the software versions and licenses installed in the two ACEs are identical. A software or license mismatch may generate the following syslog message:
%ACE-1-727006: HA: Peer is incompatible due to error str. Cannot be Redundant.
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Redundancy
Following those step, is there any problem would happen after step 2 , having a different software version on the first and second module?
also on step 4 ' Reload the active ACE after the redundant module is up and the high availability (HA) state is hot. ' , is that possible with both module use a different software version ?

Hi,
When you upgrade or downgrade the ACE software in a redundant configuration with different software versions, the STANDBY_WARM and WARM_COMPATIBLE states allow the configuration and state synchronization process between the peers to continue on a best-effort basis. This basis allows the active ACE to synchronize configuration and state information with the standby even though the standby may not recognize or understand the CLI commands or state information.
In the STANDBY_WARM state, as with the STANDBY_HOT state, configuration mode is disabled on the standby ACE and configuration and state synchronization continues. A failover from the active to the standby based on priorities and preempt can still occur while the standby is in the STANDBY_WARM state. However, while stateful failover is possible for a WARM standby, it is not guaranteed. In general, modules should be allowed to remain in this state only for a short period of time.
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Module_Troubleshooting_Guide,_Release_A2%28x%29_--_Troubleshooting_Redundancy#About_WARM_COMPATIBLE_and_STANDBY_WARM
Siva

FWSM Primary delay returning to active

Hi,
We have several FWSM in 2 6500 chassis and a few days ago the primary FWSM rebooted itself for unknown reasons and the secondary FWSM took over as planned.
But the primary FWSM has, after several days, switched back over to active automatically.
Question is, does anyone know why there would be such a long delay for the primary to request active mode?

Hi,
Thanks for your reply. This is May 27 14:22:41 10.10.0.18 %FWSM-1-104002: May 27 14:22:41 10.10.0.18 %FWSM-1-104001: Here is the failover history from Not Detected Negotiation Negotiation Cold Standby Cold Standby Sync Config Sync Config Sync File System Sync File System Bulk Sync Bulk Sync Standby Ready Standby Ready Just Active Just Active Active Drain Active Drain Active Applying Config Active Applying Config Active Config Applied Active Config Applied Active Active Standby Ready Standby Ready Just Active Just Active Active Drain Active Drain Active Applying Config Active Applying Config Active Config Applied Active Config Applied Active Active Standby Ready Cheers,
- Trevor the log output when the primary decided to take over as active:-
(Secondary) Switching to STNDBY - Other unit want me Standby
(Primary) Switching to ACTIVE - Set by the CI config cmd
the standby unit. It did not reboot like the primary did a few days ago.
No Error
Detected an Active mate
Detected an Active mate
Detected an Active mate
Detected an Active mate
Detected an Active mate
Other unit want me Active
Other unit want me Active
Other unit want me Active
Other unit want me Active
Other unit want me Active
Set by the CI config cmd
HELLO not heard from mate
HELLO not heard from mate
HELLO not heard from mate
HELLO not heard from mate
HELLO not heard from mate
Other unit want me Standby

Active-Active firewall, multiple mode can't do file management?

Hi all
as above title, found that i can't use ASDM to do file management.
I get this after i read the configuration documents: Backing Up and Restoring Configurations, Images, and Profiles (Single Mode)
So in Active-Active it's a multiple mode, can't just simply backup/upgrade it firmware and ASDM?
You are welcome to share your comment, thanks in advance
Noel

Hi,
Please make sure you are in the system context to take the back up or restore. It only appears in the system context.
Thanks,
Varun Rao
Security Team,
Cisco TAC

Upgrade to Cisco Active Advisor tonight at 9pm CDT

Hello CAA users,
Cisco Active Advisor will be upgraded tonight at 9:00PM CDT.
During this time, we expect a brief downtime, of up to 5 minutes, so please excuse the interruption and try us again a few minutes following.
Thank you,
The CAA Team

If you want to maniuplate the update process you need to use the manual process over the automated. If you use the automated process we attempt to do the following. One host in each Cluster managed by the Nexus 1000V will be chosen for upgrade. This host will be put in maintenance mode, upgraded, removed from maintenance mode, and then move to the next host. I'm not sure how we choose the host in the cluster but in my setup where I use IP addresses as host names it uses the lowest number IP address first.
I can talk to engineering and see if it's possible, but we are constrained with what can be done based off the APIs that VMware makes available. Again if you want to control which ESX hosts are updated and when I would highly recommend using the manual method.
louis

How to get the number of current active external modes?

hi all,
I need to get the number of currently active external modes. This can be done by calling function THUSRINFO. But this only works propperly, if you are logged on only once. If you are logged on more than one time then the function returns several entries in the parameter USR_TABLE. The entries mainly differ in the first parameter TID (type UTID, INT4) "terminal-identification" but how can I know which is the valid one for my current session. Functions TERMINAL_ID_GET, SPH_TERMINAL_IDENTIFY and SPH_TERMINAL_ID_GET dont work.
Or is there another way to get the number of active external sessions?
Thanks in advance,
Michael

Hi,
tables: usr02, usr41.
data: OPCODE_MODE_COUNT(1) TYPE X VALUE 3,
      modes like sy-index,
      u_MODES LIKE MODES.
select * from usr02.
select * from usr41 where BNAME = usr02-bname.
    CALL 'ThUsrInfo' ID 'OPCODE' FIELD OPCODE_MODE_COUNT
      ID 'TID' FIELD usr41-TERMID
      ID 'MODES' FIELD MODES.
    IF SY-SUBRC = 0.
      u_MODES = u_MODES + MODES.
    ENDIF.
endselect.
if sy-subrc = 0.
    write:/ usr02-bname, u_MODES.
endif.
clear u_modes.
endselect.

File Adapter Sender - Does XI support Active connection mode?

Does the file adapter support Active connection mode?

What do you mean by this? R u talking about FTP connections?
VJ

Oracle 10g Database Installation In Active-Passive Mode.

Good Afternoon !!!!
We are installing Oracle 10g in Active-Passive Mode on HP UX-11.3 , with ASM. Can someone help me with step wise installation procedure for the same.
Many Thank's
Rajeev.

Check on the release notes for your platform
This is for x86-64 Linux.. read it all, then you'll find the "6 Documentation Corrections and Additions" section you'll find the RPMs that you need
http://download.oracle.com/docs/cd/B19306_01/relnotes.102/b15666/toc.htm
then go to the official doc installation of 10gR2 on x86-64 Linux
http://download.oracle.com/docs/cd/B19306_01/install.102/b15667/toc.htm
Yum is a package management tool. This is what you'll be using to install the RPMs. But first you'll have to setup the Yum repository, usually what I do is stage the DVD media on the server then make it as a repository. If ever there's a specific (higher) version that I need then I just pull it on the RedHat Network.
There are a lot of HOWTOs about Yum. You may read on this link http://docs.fedoraproject.org/yum/en/
- Karl Arao
http://karlarao.wordpress.com/

Is it possible to configure NLB clustering in Active/Active mode.

Hello Guys,
Just wanted to know If I can manually configure my NLB cluster to work in ACTIVE/ACTIVE mode as we can do for Microsoft fail over clustering.
Thanks & Regards
Amit Pal Singh

Hi Amit Pal Singh,
I think you must some misunderstand about the failover and NLB, I assume you are trying to install the Failover cluster, you can refer the following article to install the
A-A failover cluster.
Creating an Active/Active SQL Cluster using Hyper-V: Part2 the Clustered Instances
http://blogs.msdn.com/b/momalek/archive/2012/04/11/creating-an-active-active-sql-cluster-using-hyper-v-part2-the-clustered-instances.aspx
More information:
How Network Load Balancing works
http://technet.microsoft.com/en-us/library/cc738894(v=ws.10).aspx
I’m glad to be of help to you!
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

How to tell if Active/active or Active/Standby mode is configured?

Folks:
I am still learning the output of my running config, but how do I tell if my firewall is set to Actve/Active or Active/Standby mode?
In addition, how do I tell if it uses regular or stateful failover mode?
Thank you

I wanted to provide this as well, since I found it and it also helped me answering my question.
This output shows Active/Active failover output.
**Note** it says PIX; however, I beleive it will be the same output for ASA.
PIX1(config-subif)#show failover
Failover On
Cable status: N/A - LAN-based failover enabled
Failover unit Primary
Failover LAN Interface: LANFailover Ethernet3 (up)
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 7.2(2), Mate 7.2(2)
Group 1 last failover at: 06:12:45 UTC Apr 16 2007
Group 2 last failover at: 06:12:43 UTC Apr 16 2007
This host:    Primary
Group 1       State:          Active
                Active time:    359610 (sec)
Group 2       State:          Standby Ready
                Active time:    3165 (sec)
                  context1 Interface inside (192.168.1.1): Normal
                  context1 Interface outside (172.16.1.1): Normal
                  context2 Interface inside (192.168.2.2): Normal
                  context2 Interface outside (172.16.2.2): Normal
Other host:   Secondary
Group 1       State:          Standby Ready
                Active time:    0 (sec)
Group 2       State:          Active
                Active time:    3900 (sec)
                  context1 Interface inside (192.168.1.2): Normal
                  context1 Interface outside (172.16.1.2): Normal
                  context2 Interface inside (192.168.2.1): Normal
                  context2 Interface outside (172.16.2.1): Normal

Single AIP-SSM in Cisco ASA Failover Active / Standby Mode

Hi,
I can add single AIP-SSM on Cisco ASA in failover active / standby mode?

No, both units need the same hardware, that includes the installed modules.
Sent from Cisco Technical Support iPad App

Stop/start in PGW active/standby mode

Hi all
My VOIP Network has 2 PGW in active/standby mode. But when we add more telco, the state of ss7path is OOS. i must stop/start the PGW and ss7path is IS status.
Now PGW is running services. it processing many call with other telco.
i have question need to support.
When we stop/start PGW,has PGW disconnected all call or not?
Thank for supporting
PhaiLQ

If you restart the service on active pgw, calls are disconnected. If you don't want out of services you must pass the control to the standby server first.
From mml console of active server use the command:
rtrv-ne    to check the status, the output is:
    MGC-01 - Media Gateway Controller 2010-09-07 16:53:42.655 MEST
M RTRV
   "Type:MGC"
   "Hardware platform:sun4u sparc SUNW,Sun-Fire-V240"
   "Vendor:"Cisco Systems, Inc.""
   "Location:MGC-01 - Media Gateway Controller"
   "Version:"9.6(1)""
   "Platform State:ACTIVE"
sw-over::confirm to swich control to standby server
now restart the service
/etc/init.d/CiscoMGC stop
/etc/init.d/CiscoMGC start
P.S. If I remember the right way, the OOS (out of service) state of new ss7 path can be set in IS (in service) via mml command line without service restart.
set- your ss7 path ::IS   use tab for help
Regards.

FWSM OS upgrade in Active/Active mode

Similar Messages

Maybe you are looking for