70-18
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 70 Using Image Manager
Note For cluster and failover devices, if the disk selected as the Image Install location is not
present on every physical member device, a validation error occurs when you try to install
images on the cluster or failover device. To proceed with installing images, select an Image
Install location on a disk that is present on every member device in the cluster or failover
configuration.
About Image Updates on Devices Using Image Manager
How does Image Manager update images on an ASA device?
Image Manager follows the standard documented procedure to upgrade stand-alone ASA devices,
with several built-in checks to ensure a reliable image upgrade. For the image upgrade procedure, refer to:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#maintask2
Note You must have accepted the latest Cisco.com certificate to enable Image Manager to interface with
cisco.com. You must accept the certificate from both the "Image Meta-data locator" site and the
download site of the images to start downloading images successfully (see Image Manager Page,
page 11-29).
Image Manager uses the HTTPS protocol to copy images to the ASA device, performs configuration
changes to activate the new image (ensuring fallback to the older image in case of any error), and finally
reloads the device with the new image, if required.
How does Image Manager update images on an ASA configured for failover?
Updating the images in an Active/Standby failover pair is accomplished by creating an image upgrade
job on the active device of the pair, and then running the image upgrade job.
Note Image update on an Active/Active failover pair is not supported in Image Manager. The Active/Active
failover pair has to be converted to Active/Standby by making all the failover groups active on one unit,
and the corresponding failover groups standby on the other unit. Only then can Image Manager update
the image on the pair of devices.
To upgrade devices in an Active/Active failover pair:
1. Manually convert the pair to active/standby by forcing all the failover groups on one device to be
active and on the other device to be standby.
Note Do not discover the devices in Security Manager.
Note For additional details on how to convert an active/active failover pair to active/standby, see
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b20f35.shtml#Actact.