02-29-2024 02:42 PM
It's my understanding that this is the intent of the official documentation. In the event that this doesn't work for some reason you have a known good unit to restore traffic that hasn't been modified at all.
In the event that you upgrade the passive firewall and failover and encounter an issue, you've introduced two variables at the same time. It could either be that the passive firewall couldn't handle traffic appropriately to begin with, or it could be the new code causing an issue.
Personally I recommend testing failover at least once a month to validate that everything is functional, and with that I personally always do passive/secondary upgrade first and then move on to the active/primary unit. If you know that failover is actually going to function, the initial failover is just (to me) adding an unnecessary step.
