When upgrading HA firewalls, there could be issues with the new software. If this happens and the upgrade process continues, reverting would require downgrading both firewall and additional downtime for the customer.
Describe the solution you'd like
After the passive firewall upgrade has completed and the first failover occurs, a snapshot and check should be done to ensure basic functionality.
If the snapshot comparison passes, then continue upgrading.
If the snapshot fails, stop the process and wait for input before continuing.
Describe alternatives you've considered
I've considered deviating from the content pack, but then would need to manually merge for any future updates.
Additional context
If there is a bug in the new software (eg, BGP peering fails for some reason), then this additional snapshot comparison would halt the upgrade and allow investigation. If determined that the upgrade should not continue, then the customer can just failover and restore network connectivity.
Is your feature request related to a problem?
When upgrading HA firewalls, there could be issues with the new software. If this happens and the upgrade process continues, reverting would require downgrading both firewall and additional downtime for the customer.
Describe the solution you'd like
After the passive firewall upgrade has completed and the first failover occurs, a snapshot and check should be done to ensure basic functionality.
If the snapshot comparison passes, then continue upgrading.
If the snapshot fails, stop the process and wait for input before continuing.
Describe alternatives you've considered
I've considered deviating from the content pack, but then would need to manually merge for any future updates.
Additional context
If there is a bug in the new software (eg, BGP peering fails for some reason), then this additional snapshot comparison would halt the upgrade and allow investigation. If determined that the upgrade should not continue, then the customer can just failover and restore network connectivity.