We currently have two clustered SSL VPN (SA-4500) boxes using firmware version 6.3R1-2 (build 13619) and we want to update their firmware. The devices run in ActivePassive.
Can i simply update the devices one by one using the latest firmware? (or do i need to break the cluster etc.etc.)
Upgrading a cluster is quite easy, because it will automatically update both nodes one-by-one. No need to break the cluster nor update both nodes separately.
So i can simply connect to the cluster IP and start upgrading from 6.3R1-2 (build 13619) to the latest version? No need to upgrade to 6.4 first?
There's some more information about upgrading in the 7.0R1 release notes:
Based on that doc, I think you should be able to upgrade to the latest version directly. I upgraded my 4500 clusters few months ago (from 6.4R2 -> 7.0R3) and it went well without any troubles. You may want to clear the system logs (I cleared all logs..) before upgrade as it should shorten the time it takes.
We upgraded our clustered 4500's from 7.0r3 to r4. The upgrade went without error. The second unit failed to boot after the restart. We consoled in and found it at a prompt as to load the new firmware or the previous. We selected new and the cluster synced up without issues. We'll see if that was a glitch at the next firmware update.