Upgrading the FWSM from the maintenance partition (mp) provides the ability to load a different image on a different flash partition. This is not possible when simply doing the upgrade in IOS.

There are three usable partitions on the Compact Flash card:

cf:1 maintenance partition

cf:4 primary (default) image partition

cf:5 backup image partition

To get into the mp of the FWSM in slot 7, issue the following command in IOS in enable mode:

hw-module module 7 reset cf:1

It will take a couple of minutes for the module to reboot. Check it’s status with:

show module 7

The output will look like the following as the module power cycles, posts and is finally operational:

7  0003.3234.a3f6 to 0003.3234.a3fd   3.0   7.2(1)       3.2(1)       Other

7  0003.3234.a3f6 to 0003.3234.a3fd   3.0   7.2(1)       3.2(1)       PwrDown

7  0003.3234.a3f6 to 0003.3234.a3fd   3.0   7.2(1)       8.5(0.46)RFW Other

7  0003.3234.a3f6 to 0003.3234.a3fd   3.0   7.2(1)       2.1(2)m      Ok

Once the status shows OK, log in to the module from IOS with:

session slot 7 p 1

The username/password will be the default: root/cisco

Images can only be copied to the mp from an ftp server, and moreover, that server must be on VLAN1, since VLANs are not trunked into a FWSM booted into the mp. Assuming there is an ftp server addressed on that VLAN that contains the FWSM images, here are the commands you need to load them:

Give the mp the basic IP addressing:

ip address <addr> <mask>

ip gateway <gw_addr> (optional)

The mp includes a ping command. You should get a response from the ftp server address before proceeding.

Once this is done, copy the image files to flash using the upgrade command. Here we’re coping 3.2.15 fwsm code to cf:4 and 4.0.8 code to cf:5.

upgrade ftp://user:password@server/path/c6svc-fwm-k9.3-2-15.bin cf:4
upgrade ftp://user:password@server/path/c6svc-fwm-k9.4-0-8.bin cf:5

There will also be an option to clear the configuration stored on the partitions. Generally, you won’t want to do this, because doing so will effectively set the default config once you boot to that partition. In addition to also defaulting the system context username and password, this will also put the FWSM in single context mode. Check here for info regarding the default login and changing to multiple context mode.

Lastly, reload to use the new FWSM image (loads cf:4):

hw-module module 7 reset

or

hw-module module 7 reset cf:5

One final note, if you want to change the default boot image to the one on cf:5, use the following IOS command:

hw-module module 7 boot flash 2

Reset to cf:4 by issuing the same command with the flash keyword changed from 2 to 1.