Knowledge Search


×
 

[ScreenOS] Can the NetScreen firewall be upgraded without any network interruption?

  [KB3964] Show Article Properties


Summary:

Can a ScreenOS firewall be upgraded without any network interruption?

Solution:

When the ScreenOS version is upgraded, the firewall is reset after the new ScreenOS image has been loaded to flash. Once the reset completes, the new ScreenOS image becomes the running ScreenOS image.

During the reset, all the existing sessions will be affected, essentially cleared momentarily, until the firewall completes its reboot process. The time is dependent on factors like the size of the configuration to load once the device resets.

Once the firewall completes its reboot process, all existing sessions will have to be re-established again.

Therefore, when a firewall is in HA mode, it is worth performing the following steps:

1) Upgrade the slave unit first.

2) Wait at least 30 minutes for all new sessions to get synchronized to the slave.

3) Manually failover to the slave (Slave becomes the new Master)

4) Upgrade ScreenOS on the original master (new slave)

5) If you want the slave and master to swap back to their original order, perform another failover.



Here is the problem or goal:

  • Can the ScreenOS firewall be upgraded without any network interruption?

Applicable Products:

  •  SSG devices
  •  ISG1000s and ISG2000s
  • NS-5200s and NS-5400s

Applicable ScreenOS:

  • 6.3.0

 
Modification History:
2091-10-05: Removed unsupported devices and ScreenOS versions.
 
Related Links: