Skip to main content

 

 

Cisco Defense Orchestrator

Bulk ASA and ASDM Upgrade

Upgrade Multiple ASAs with Images from CDO's Repository

  1. Review ASA and ASDM Upgrade Prerequisites for upgrade requirements and important information about upgrading ASA and ASDM images.
  2. (Optional) From the Devices & Services page, create a change request label to identify the devices upgraded by this action in the change log.  
  3. Use the filter to narrow down the list of devices you may want to include in your bulk upgrade. 
  4. From the filtered list of devices, select the devices you want to upgrade. 
  5. In the Devices & Services sidebar, click the Upgrade button upgrade_button.jpg.
  6. On the Bulk Device Upgrade page, the devices that can be upgraded are presented to you. If any of the devices you chose are not upgradable, CDO gives you a link to view the not upgradable devices.

upgrade_chosen_devices2.png

  1. In step 1, click Use CDO Image Repository to select the ASA software image you want to upgrade to and click Continue

The list indicates how many of the ASAs you chose can be upgraded to the software version you chose. In the example below, all of the devices can be upgraded to version 9.9(1.2), two devices can be upgraded to 9.8(2), and one of the devices can be upgraded to 9.6(1). 

upgrade_choose_version2.png

CDO alerts you if any of the software versions you chose are incompatible with any of the devices you chose. In the example below, CDO cannot upgrade the 10.82.109.176 device to a version earlier than it already runs.

upgrade_one_bad2.png

  1. In step 2, select the ASDM image you want to upgrade to. You are only presented with ASDM choices that are compatible with the ASA you can upgrade. 
  2. In step 3, confirm your choices and decide whether you only want to download the images to your ASAs or copy the images, install them, and reboot the device.
  3. Click Perform Upgrade when you are ready.

Note: If the upgrade fails, CDO displays a message and automatically re-attempts the upgrade. Often the reason for a failed upgrade is a network issue preventing the ASA and ASDM images from being transferred to the ASA.

  1. (For multi-context mode) After the admin context and the security contexts boot, you may see that the security contexts display the message, "New certificate detected." If you see that message, accept the certificate for all security contexts. Accept any other changes caused by the upgrade.
  2. Look at the notifications tab for the progress of the bulk upgrade action. If you want more information about how the actions in the bulk upgrade job succeeded or failed, click the blue Review link and you will be directed to the Jobs page
  3. If you created and activated a change request label, remember to clear it so that you don't inadvertently associate other configuration changes with this event.

Upgrade Multiple ASAs with Images from your own Repository

  1. Review ASA and ASDM Upgrade Prerequisites for upgrade requirements and important information about upgrading ASA and ASDM images.
  2. (Optional) From the Devices & Services page, create a change request label to identify the devices upgraded by this action in the change log.  
  3. Use the filter to narrow down the list of devices you may want to include in your bulk upgrade. 
  4. From the filtered list of devices, select the devices you want to upgrade. 
  5. In the Devices & Services sidebar, click the Upgrade button upgrade_button.jpg.
  6. In step 1, click Specify Image URL, enter the URL to the ASA image you want to upgrade to in the In the Software Image URL field, and click Continue. See Custom URL Upgrade for URL syntax information.

Note: The picture below shows an HTTPS URL in the Software Image URL field. You can retrieve the images from your repository using any of these protocols: FTP, TFTP, HTTP, HTTPS, SCP, and SMB. See Custom URL Upgrade for URL syntax information.

custom_url_asa.png

  1. In step 2, click Specify Image URL, enter the URL to the ASDM image you want to upgrade to in the In the Software Image URL field, and click Continue
  2. In step 3, confirm your choices and decide whether you only want to download the images to your ASAs or copy the images, install them, and reboot the device.
  3. Click Perform Upgrade when you are ready.

Note: If the upgrade fails, CDO displays a message and automatically re-attempts the upgrade. Often the reason for a failed upgrade is a network issue preventing the ASA and ASDM images from being transferred to the ASA.

  1. (For multi-context mode) After the admin context and the security contexts boot, you may see that the security contexts display the message, "New certificate detected." If you see that message, accept the certificate for all security contexts. Accept any other changes caused by the upgrade.
  2. Look at the notifications tab for the progress of the bulk upgrade action. If you want more information about how the actions in the bulk upgrade job succeeded or failed, click the blue Review link and you will be directed to the Jobs page
  3. If you created and activated a change request label, remember to clear it so that you don't inadvertently associate other configuration changes with this event.

Upgrade Notes

  • You can also monitor the progress of the batch of upgrades by opening the Devices & Services page and viewing the Configuration Status column in the table.
  • You can view the progress of a single device that was included in the bulk upgrade by selecting that device on the Devices & Services page and clicking the upgrade button. CDO takes you to the Device Upgrade page for that device.