To prevent downtime when updating your high availability cluster, block all services on the secondary firewall. Then update the firmware on the secondary firewall. After the update, restart all services on the updated firewall and repeat the process with the primary firewall. Each firewall can only be updated to the next firmware version according to the migration path. If two updates are required, repeat the process below for each update package.
Step 1: Block All Services on the Secondary Firewall
When you block all services, the control service shuts them down and sends a signal that starts all services on the HA partner unit. Keep in mind that when you block all services, the control service cannot perform automatic failovers.
- Log into the secondary firewall.
- Go to CONTROL > Services.
- In the right half of the window, click Standby.
- A list with options is displayed.
Click Block Shared Services.
Step 2: Update the Secondary Firewall
Update the firmware on the secondary firewall. For more information, see How to Install Updates via Barracuda Firewall Admin or How to Update Managed High Availability Clusters with Automatic Failover.
Step 3: Restart All Blocked Services and Perform a Manual Failover
When you stop multiple services after they have been blocked, you must restart them so they can perform automatic failovers. When multiple services are blocked or go down on an active unit, they will be automatically started in the HA partner.
- Log into the secondary firewall.
Go to CONTROL > Services and click Stop Shared Services.
Log into the primary firewall.
Go to CONTROL > Services page, and click Block Shared Services.
All the servers are taken over by the secondary firewall.
Leave the primary unit in standby mode until you have verified that the secondary firewall is operating correctly. You can verify this by stopping the primary unit services.
Step 4: Update the Primary Firewall
Update the firmware on the primary firewall. For more information, see How to Install Updates via Barracuda Firewall Admin or How to Update Managed High Availability Clusters with Automatic Failover.
Step 5: Transfer All Shared Services Back to the Primary Firewall
Manually trigger a failover to transfer all blocked service from the secondary to the primary firewall.
- Log into the primary firewall.
- Go to CONTROL > Services.
- Click Stop Shared Services.
- Log into the secondary firewall.
- Go to CONTROL > Services.
- Click Block Services.
- Wait for the primary firewall to bring up all shared services and then click Stop Shared Services to place the secondary firewall in standby.