Upgrade ASA and ASDM images in a high availability pair

Security Cloud Control Firewall Management supports upgrading Cisco Secure Firewall ASA devices that are configured in an Active/Standby High Availability (HA) pair.

During the upgrade, Security Cloud Control Firewall Management upgrades the devices sequentially to minimize traffic disruption:

1. The standby ASA is upgraded first.

2. The standby device reboots and returns to the Standby-Ready state.

3. Security Cloud Control Firewall Management initiates a failover, making the upgraded device the active ASA.

4. The primary ASA device is then upgraded and rebooted.

Because one device remains active during most of the process, the upgrade provides near-zero downtime. During the failover event, a brief traffic interruption or a small number of dropped packets may occur depending on the network environment.

If you need more information about how ASAs are configured and work in failover mode, see Failover for High Availability in the ASA documentation.