Note: If you have a single ESA and you do not want to impact your mail-flow, then do not suspend the listeners. The mail-flow is impacted during the reboot.
Upgrade your server via the GUI. Cisco recommends that you choose the latest available version from the list.
If you suspended the listeners (Step 3), then enter Resume into the CLI in order to activate the listeners after the upgrade is complete.
Warning: Ensure operational health of the appliance before you start any upgrade. Enter the version command in the CLI in order to ensure that RAID status is "Optimal." If there is a failed hard disk drive (HDD) on the appliance, open a support case and complete a HDD RMA and rebuild prior to the upgrade. If you upgrade an appliance with a failed HDD, it might lead to HDD corruption and unforeseen issues on an appliance that runs off a single HDD.
Upgrade the ESA via the GUI
Note: Cisco recommends that when you upgrade, run the upgrade via the CLI. This provides more details as to the download of the upgrade packages, and also details of the upgrade process. In case of upgrade issues or failures, the output from the CLI proves useful to Cisco Support when troubleshooting.
The GUI Online Help contains detailed instructions about the ESA upgrade methods and requirements. Simply navigate to Help > Online Help from the GUI, and use the Index tab in order to search for Upgrade AsyncOS. Use the information provided in order to upgrade the ESA.
Upgrade the ESA via the CLI
Complete these steps in order to upgrade the ESA from the CLI:
Copy the ESA configuration settings into an email and send it to yourself. When you are prompted to include the passwords, choose Yes. This allows you to import the configuration file, if necessary.
Note: If you have one ESA, it is safe to allow the mail-flow to continue while the ESA upgrade takes place. The only time the ESA does not accept mail is when it reboots.
If you have multiple ESAs, then suspend the listeners on the machine that you intend to upgrade. Enter suspendlistener into the CLI and select your inbound listener. The other machine(s) handle(s) all of the mail-flow.
Enter upgrade into the CLI. The ESA downloads and applies the new AsyncOS version. This process takes approximately ten to thirty minutes, dependent upon the network speed and the AsyncOS version.
When the upgrade is complete, the ESA will prompt you on the CLI to reboot, and will provide up to thirty seconds before it reboots. (During the reboot, you can ping the IP address in order to determine if the ESA is online.)
Once the reboot has completed, log into the ESA and activate the listeners. Enter resumelistener into the CLI and select the listener that is suspended.
In order to verify the mail-flow, enter tail mail_logs into the CLI.
Important Upgrade Notes
Once you read the ESA release notes and complete the steps that are described in this document, you can log into the CLI of your ESA as an admin user and enter upgrade.
It is important that you follow the upgrade instructions that are available in the ESA release notes. If you attempt to upgrade and your desired AsyncOS version is not available, it is likely that your ESA runs a version that does not permit a direct upgrade. Refer to the ESA release notes for qualified upgrade paths.
If your ESA system runs an AsyncOS version that does not support a direct upgrade, you must perform multiple upgrades as specified in the release notes. Only the next step in the upgrade path is shown to you, and the next revision is shown once you are at the approved level.