70-21
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter70 Using Image Manager
About Image Updates on Devices Using Image Manager
Validating a Proposed Image Update on a Device
You can validate the image update job on one or more devices prior to actually performing it. The
following list details the various validations that are performed:
Insufficient disk space on the ASA device to accommodate the selected images.
An error is displayed in this case. You must navigate to the Storage tab for that device and delete
one or more images to make space. Then retry the upgrade validation operation.
Note The disk space on each of the members in the Cluster and both active and standby units in a
Failover are evaluated for sufficient space to accommodate the selected images. When a
single member or device does not have sufficient space, an error is displayed and you cannot
proceed to creating a job on the device. You must navigate to the Storage tab for that
particular member and make space by deleting one or more unwanted images.
Insufficient RAM on the device to run the new image as recommended in: Release Notes for the
Cisco ASA 5500 Series, 8.4(x).
Note Image Manager will warn you if there is insufficient RAM on the device to load the new
image. However, this will not stop you from performing an image upgrade. This is in
contrast with Configuration deployment, wherein the deployment job stops if there is
insufficient RAM.
If the flash device (disk0 or disk1) that is selected for Image Install Location is not present on any
of the devices/members in cluster/failover setup, then an error is displayed and the job is aborted.
Configuration changes that have been submitted but not yet deployed to the device. These changes
need to be deployed before starting the image update job. Otherwise, the configuration changes may
become incompatible with the upgraded image version on the device.
Warn if the selected image(s) is (are) incompatible with the device type, for example, if non-SMP
images are selected for ASA 5585 device types.
Note This warning only occurs when you are using the drag-and-drop method. For other flows,
the incompatible images/devices are filtered out in step 2 of the Image Install Wizard.
Note This validation was skipped in CSM 4.3 if Check for updates is not performed due to the
unavailability of meta-data information about images on Cisco.com compatible with MDF
IDs. In CSM 4.4, the meta-data information are prepackaged with CSM install and hence
even if Check for updates is not performed, Image manager will validate the compatibility
of images for device types and warn the user when an incompatible image-device
combination is chosen.
Warn if the device is being updated to a version that is unsupported on Security Manager.
Warn if the new image version is the same as or lower than the version running on the device.
An image upgrade to ASA Version 8.3 from any lower version would require the device to be
re-discovered in Security Manager. There were major changes in the NAT configuration introduced
in ASA version 8.3 that are incompatible with previous ASA versions. Likewise, there were major