Guest

Preview Tool

Cisco Bug: CSCuj48751 - CSM Image Manager ASA failover pair upgrade is not hitless

Last Modified

Apr 17, 2020

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.3(0)SP1

Description (partial)

Symptom:
Image Manager was introduced in CSM 4.3 and one of its functionalities is ASA image upgrade.
The current way the CSM is doing the ASA failover upgrade is:
1. Check for free space on the flash of active and standby ASAs
2. Copy the new ASA image to active ASA device
3. Verify the MD5 hash of the copied image
4. Switchover from active to standby
5. Copy the new ASA image to new-active ASA device
6. Verify the MD5 hash of the copied image
7. Change the boot system to the new image
8. Boot the standby ASA with the new image
9. Verify that the new ASA came up with the new image and failover is OK
10. Reload the current active ASA with the new image

Step 10 makes the standby ASA to take over after detecting that the ex-active ASA is down (due to reload). 
This causes a traffic outage which with the default ASA failover timers is around 15 sec.

Conditions:
ASA uses failover (Active/Standby or Active/Active)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.