FWSM IOS upgrade

Security 1 Minute

If you need to upgrade the IOS on a FWSM (Firewall Switch Module), you will soon find out, that the upgrade works slightly different to routers. You don’t have the option of using multiple ‘boot system’ commands, nor can you copy more than one IOS image to the FWSM flash. But then what about failback, if you don’t have the old/current IOS version? (and no you can’t just tftp/ftp the current image from a FWSM when in-use). So now what?

A really neat yet fairly undocumented feature is how the FWSM  addresses the space allocation of the Flash memory. Refer to the application partitions (cf:4 and cf:5), see a previous post that listed the partition break down.

Application Partition cf:4 is used by default,  but cf:5 not.  Because cf:5 provides a secondary partition to boot from,  it allows you to test config on a new IOS version. If you boot of cf:5 appose to cf:4, you have a clean and fresh ‘dir flash:‘ to load a new IOS image on, while leaving the working ‘dir flash:‘ intact .

Just change the default boot partition to cf:5 from the switch, with
boot device module {MOD-NUMBER} cf:5

Then reload the module, and load the ‘test’ IOS image to flash (now cf:5) and do any tests necessary. Once happy remove the above command and upgrade to the new IOS on the default partition cf:4.

Advertisement

Published by Ruhann

Just another Network Engineer.

Published

Please leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.