This may be a stupid question but that's never stopped me from asking before. At one site I have 2 UR 515's running in failover config. They are at 5.2(1) software. I'd like to upgrade them but can only afford an absolute minimum of down time (measured in seconds, maybe). From what I've read about the PIX units, for failover to work, I believe each unit must be configured identically - same hardware, OS version, configuration - or failover doesn't work. What my plan currently is to start by taking the standby PIX (PIX2) down and do a 6.0.1 upgrade. I guess the question that I have is, and here comes the stupid part, if I reconnect the two with PIX2 at 6.0.1 and PIX1 still at 5.2(1) will anything bad happen (my hair fall out, I contract an incurable STD, smoke come from either/both of the boxes)? Assuming that nothing horrible happens, when I take the PIX1 box down to upgrade it will PIX2 (now on a different OS version) detect that the hot PIX has dropped offline and come up as in failover? If it won't on it's own can I do a "failover active" or a similar command to force PIX2 to become active? Will the children play well together again after I do a 6.0.1 upgrade on PIX1? Or will I have to bring PIX2 down, upgrade it (while PIX1 is still up) and then bring PIX1 down (leaving PIX2 down), upgrade it and then bring both back up together once they are on the same OS version level? I realize that with a laptop that has TFTP server software connected to PIX1 and has the pix601.bin image on it the upgrade process doesn't take long. But if I choose the last method of taking both boxes down that, by the time that cables are switched around as required, box(es) are rebooted, bring the 2nd box up in monitor mode, copy the image, reboot, reconnect failover cabling (as needed), the process would probably measured in minutes of total down time before both would be back online. That might as well be days as far as my bosses are concerned. Just looking for alternatives. Thanks for any advice/experience/thoughts. Sorry if this doesn't belong in studygroup.com. I just know that there's a lot of experience and common sense here. (END stupid questions) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10380&t=10380 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]