1 Answer
- Newest
- Most votes
- Most comments
0
Hi Mike,
AMIs from Marketplace are owned and supported by respective product owners, it is best to contact the vendor for specific patch/upgrade instructions; generally speaking regular (for example) Cisco vASA upgrade procedure would be similar to what is mentioned in the links below:
https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html
General points to consider before upgrading any 3rd party virtual appliances:
- Write configuration to the device memory and take configuration file backup
- Recommend to take a snapshot before proceeding with the upgrade, also in general periodic recurring snapshots should be taken, in case something goes wrong with the virtual appliance you can restore last known good state from the snapshots
- If possible try the upgrade in a Test environment first
- Pay attention to the licensing pre and post upgrade, AWS does not provide any third party product license and it needs to be directly purchased from the third party vendors
- If you have implemented HA pair you may want to look at AWS GWLB service (Gateway LoadBalancer) - with this you can take 1 FW instance OOLB, upgrade it, verify, put it back in the Pool then upgrade the other instance, this way the upgrade would be least impacting
Hope this helps.
Relevant content
- Accepted Answerasked 3 years ago
- asked 10 months ago
- How do I use the Microsoft KB number in Patch Manager to install a specific patch or set of patches?AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 years ago
Thanks for your detailed help. "HA pair you may want to look at AWS GWLB service" yes thats exactly what we're doing. My first venture into AWS so huge learning curve.