Configure Network Settings > FireCluster > FireCluster Upgrade and Migration > Upgrade Fireware OS for a FireCluster

Upgrade Fireware OS for a FireCluster

You can upgrade Fireware OS for a FireCluster from Policy Manager or Fireware Web UI. To upgrade a FireCluster that runs Fireware v11.10.x or lower, we recommend that you use Policy Manager.

When you upgrade a FireCluster, each cluster member reboots and then rejoins the FireCluster. Because load balancing is not available while a cluster member reboot is in progress, we recommend that you upgrade an active/active cluster when the network traffic is lightest.

For some Fireware OS upgrades, the cluster is unavailable and does not pass traffic until the upgrade is complete and the Fireboxes in the cluster reboot. If an OS upgrade will cause a service interruption, a warning appears, and you must confirm that you want to continue with the upgrade.

Use Policy Manager to Upgrade a FireCluster

For Fireware v11.12.1 and higher, you can only select to upgrade both FireCluster members. To avoid a service interruption, Policy Manager coordinates the upgrade of both cluster members, one at a time. Both members must run the same Fireware OS version.

With Fireware v11.12 and lower, from Policy Manager, you can select to upgrade one member or both members. To avoid possible issues (for example, mismatched firmware or cluster failure), we recommend that you select to upgrade both members. If you select to upgrade only one member, for the cluster to function, you must immediately upgrade the other member.

About the FireCluster Upgrade Process in Policy Manager

For upgrades from Fireware v11.11 or higher, Policy Manager supports two upgrade methods. The available method depends on the IP address you connect to when you upgrade the FireCluster.

  • Interface IP address — If you connect to an interface IP address for the upgrade, Policy Manager uploads the OS upgrade file to the cluster master. The cluster master sends the OS upgrade file to the backup master and automatically coordinates the upgrade of both cluster members.
  • Management IP address — If you connect to a cluster member Management IP address for the upgrade, Policy Manager connects to the Management IP address of each cluster member to upload the OS upgrade file separately to each member.

For upgrades from Fireware v11.10.x or lower, Policy Manager supports only one upgrade method. Policy Manager always connects to the Management IP address of each cluster member to upload the OS upgrade file separately.

Remote FireCluster Upgrade

If you have enabled management of your FireCluster from an external interface, you can remotely upgrade your Firebox. Because Fireware v11.11 does not require Policy Manager to connect to the management IP address to complete an upgrade, the requirements for remote upgrade of a FireCluster are different, and depend on the version you upgrade from.

Remote upgrade from Fireware v11.11 or higher

To upgrade a FireCluster that runs Fireware v11.11 or higher from a remote location, connect to the FireCluster with he external interface IP address. You do not have to configure the interface for management IP address on the external interface.

Remote upgrade from Fireware v11.10.x or lower

To upgrade a FireCluster that runs Fireware v11.10.x or lower from a remote location, the interface for management IP address must be configured on the external interface, and the IP address must be public, not private.

For more information, see About FireCluster Management IP Addresses.

Upgrade a FireCluster from Policy Manager

To upgrade from Fireware v11.11 or higher, the upgrade method you use depends on the IP address you connect to, as described in the previous section.

To upgrade Fireware OS for the members in a cluster, from Policy Manager:

  1. Select File > Upgrade.
    The Upgrade dialog box appears.

Screen shot of the Upgrade dialog box

  1. In the IP Address or Name text box, type an interface IP address for the cluster or the management IP address of a cluster member.
    The upgrade process depends on the IP address you specify, as described in the previous section.
  2. In the Administrator User Name text box, type the user name of a user account with Device Administrator credentials.
  3. In the Administrator Passphrase text box, type the passphrase for the Device Administrator user account.
  4. Click OK.
    The Upgrade dialog box appears.
  5. Type or select the location of the upgrade file.
    A confirmation message appears.
  6. (Fireware v11.12 and lower) Select the check box for each cluster member to upgrade.
    This option does not appear in Fireware v11.12.1 and higher.
  7. Click Yes.
    The upgrade begins. The upgrade status appears below the member list.

Screen shot of the Upgrade dialog box while an upgrade is in progress

When the upgrade is complete, a confirmation message appears.

Screen shot of the cluster upgrade success dialog box

  1. Click OK to dismiss the final status message.

For the FireCluster to operate correctly, both members must run the same Fireware OS version after the upgrade.

To verify that both cluster members run the same OS version:

  1. Open Firebox System Manager.
  2. Select the Front Panel tab.
  3. Expand the Warnings section.

If the version of Fireware OS on the cluster members is not the same, a warning appears. TipYou can also expand the Cluster section and compare the reported version for each member.

For more information, see Monitor and Control FireCluster Members.

Use Fireware Web UI to Upgrade a FireCluster

The steps to upgrade Fireware OS for a FireCluster from the Web UI depend on the Fireware OS version installed on the FireCluster.

  • In Fireware v11.11 or higher, the Web UI coordinates the upgrade of both cluster members, one at a time
  • In Fireware v11.10.x or lower, you must connect to and upgrade each cluster member separately

To upgrade a FireCluster from Fireware v11.10.x or lower, we recommend you use Policy Manager, because Policy Manager can coordinate the upgrade of both members.

See Also

FireCluster

Give Us Feedback     Get Support     All Product Documentation     Technical Search