前期准备
1.评估目标版本
- 目标版本已知Bug分析
- 目标版本升级路径
2.从Software Download下载所需的文件
3.确认硬件设备状态
ASA# show interface ip brief
ASA# show route
ASA# show crypto isakmp sa
ASA# show crypto ikev2 sa
ASA# show crypto ipsec sa
ASA# show license udi
ASA# show license feature
ASA# show license status
ASA# show version
4.配置备份
ASA# copy running-config ftp://ftp_username:ftp_password@ftp_ip_address/XXXXXXXX.cfg(XXXXXXXX代表日期)
ASA# copy running-config disk0:/XXXXXX.cfg(XXXXXXXX代表日期)
5.上传ASA、ASDM镜像
ASA# copy ftp://<ftp_username>:<ftp_password>@<ftp_ip_address>/<asdm_new_image_filename.bin> disk0:/
ASA# connect fxos
firepower-2110# scope firmware
firepower-2110/firmware# download image ftp://<ftp_username>:<ftp_password>@<ftp_ip_address>/<asa_new_image_filename.SPA>
6.校验ASA软件包
firepower-2110# scope firmware
firepower-2110/firmware# show package
firepower-2110/firmware# verify security-pack <asa_new_version>
7.校验ASDM软件包
ASA# dir disk0:/
ASA# verify /md5 disk0:/<asdm_new_image_filename.bin>
系统升级
1.ASA系统升级 (设备需重启)
firepower-2110# scope firmware
firepower-2110/firmware# scope auto-install
firepower-2110/firmware/auto-install# install security-pack version <asa_new_version>
2.ASDM升级
ASA# configure terminal
ASA(config)# asdm image disk0:/<asdm_new_image_filename.bin>
3.配置保存
ASA# copy running-config startup-config
应用检查
1.硬件设备状态
ASA# show interface ip brief
ASA# show route
ASA# show crypto isakmp sa
ASA# show crypto ikev2 sa
ASA# show crypto ipsec sa
ASA# show license udi
ASA# show license feature
ASA# show license status
ASA# show version
2.防火墙配置对比
3.网络通讯检查
Rollback
1.ASA系统降级 (设备需重启)
ASA# connect fxos
firepower-2110# scope firmware
firepower-2110/firmware# scope auto-install
firepower-2110/firmware/auto-install# install security-pack version <asa_old_version>
2.ASDM降级
ASA# configure terminal
ASA(config)# asdm image disk0:/<asdm_old_image_filename.bin>
3.配置保存
ASA# copy running-config startup-config
