For a firewall, the hardware is pretty constant. You don't generally need new filesystems. It's just a matter of frequently downloading the source, compiling, and rebooting (with the option to boot back if something goes wrong). If you need to test, it isn't that hard to set up a testing environments with a duplicate set of hardware if you need high availability. For lower availability needs, testing in place is sufficient. For may consulting business, my availability needs were such that testing in place with the option to roll back was sufficient.