Guest

Preview Tool

Cisco Bug: CSCuj48781 - CSM Image Manager user guide mentions zero downtime ASA failover upgrade

Last Modified

Oct 12, 2017

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.3(0)SP1 4.4(0)SP1

Description (partial)

Symptom:
CSM user guide mentions that CSM Image Manager follows zero-downtime upgrade procedure.
Testing shows that it is not zero-downtime upgrade. An enhancement bug (CSCuj48751) was filed to make the procedure hitless.
Unless the enhancement is implemented the CSM documentation has to mention that the ASA failover upgrade procedure is not hitless.

Recommendation
In the CSM 4.3 user guide:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/4.3/user/guide/immgt.html#wp11577
replace the current text:
"Image Manager follows the zero-downtime upgrade procedure as detailed at: 

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a0080b20f35.shtml. The image is copied to both the units and then configuration change 

is done to activate the image that is synced to both units. First the standby is reloaded via the active unit and after ensuring that the standby has been upgraded successfully to the new 

version, the current active is reloaded. After both the units are upgraded to the new version, the failover pair or cluster upgrade is marked successful."

with:
"Image Manager follows the upgrade procedure as detailed at: http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a0080b20f35.shtml. The 

image is copied to both the units and then configuration change is done to activate the image that is synced to both units. First the standby is reloaded via the active unit and after 

ensuring that the standby has been upgraded successfully to the new version, the current active is reloaded. After both the units are upgraded to the new version, the failover pair or 

cluster upgrade is marked successful. Note that during the current active reload and until the standby ASA takes over the traffic going through the failover pair will be impacted"

Similarly for CSM 4.4. guide:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/4.4/user/guide/immgt.html#wp111199

Conditions:
-
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.