I have a pair of Active/Standby ASA need to upgrade from 9.1.5 to 9.1.7.
I am going to upgrade the Standby unit first and then force it to become active.
In case of any unpredictable problem on version 9.1.7.
I want to wait for a week before upgrading another the another ASA.
My concern is this pair of ASA can't perform hot standby due to the version difference.
Can CISCO ASA hot standby if their firmware version is different?
2.5k views Asked by Sean Out At
1
This is what cisco saying you don't need to maintain same version while upgrade, failover works regardless of your minor version number, I believe you are good to go:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html
Perform Zero-Downtime Upgrades for Failover Pairs
The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support. In order to ensure long-term compatibility and stability, Cisco recommends that you upgrade both units to the same version as soon as possible.