cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1083
Views
0
Helpful
24
Replies
Highlighted
Beginner

Re: Anyone brave enough to try 6.3.0 yet?

not yet, the pre-install guide says there is a pre-installation file necessary when upgrading from 6.2.x ( https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/version_specific_guidelines.html#id_70638 ). There is no file on the download site. I have a ticket open with TAC about the issue

Enthusiast

Re: Anyone brave enough to try 6.3.0 yet?

I have upgraded FMC without any pre install patch from 6.2.3.4

Re: Anyone brave enough to try 6.3.0 yet?

Yes and immediately discovered a REST API bug:

Each literal IP address is returned as type:"FQDN" which when used to push a new rule to an access policy results in no error but the rule just missing all literal IPs resulting in an any rule.

Beginner

Re: Anyone brave enough to try 6.3.0 yet?

I upgraded my ASA 5508-X with Firepower services from 6.2.3.7 to 6.3.0 without issue.

Re: Anyone brave enough to try 6.3.0 yet?

Hi 

i upgraded my lab successfully without any issues. Good stuff in 6.3

- device backups for ftd

- in Fdm finally ha

- ttl decrement natively in a new service policy

- fqdn objects in acp

- better integration in Threat response

 

we have also big customers with ftds. My advice to Maneged service will be to upgrade as soon patch 2 is available. I do not use .0 releases in production. But at latest with patch 2 (6.3.2) I assume this release is ready for the customer. 

 

Andre 

Re: Anyone brave enough to try 6.3.0 yet?

Running 6.3.0 here.

 

Hint for the ones going towards 6.2.3/6.3.0: Make sure you do not have EC certificates. It breaks deployment and system initialization.

 

CSCvn10754 - Cannot create objects with Elliptic Curve certificates for HTTPS access on FMC

 
Other than that, no much changes from previous versions. Running a 100+ devices deployment, ranging from small to large appliances, with and without ACI integration.
Enthusiast

Re: Anyone brave enough to try 6.3.0 yet?

Deployment failure bug reported for few versions and 6.3.0 is also affected.
CSCvi25965

Cisco Employee

Re: Anyone brave enough to try 6.3.0 yet?

Hello,

We have an upcoming upgrade from v6.2.3.5 to v6.2.3.8, but not quite sure if 6.2.3.8 and 6.3.0 fixes defect CSCvi25965 as both versions are listed on the affected releases. The workaround listed is "Roll back the SRU that caused the policy deployment to fail", not quite sure that I would recommend this to my customer since they're currently on the RRR due to this defect.

 

Anyone who can share additional input on this defect is much appreciated.

 

Beginner

Re: Anyone brave enough to try 6.3.0 yet?

Hi Wibarrer

This bug is not fixed in V6.2.3.8 or V6.3 (according to the release notes).

Is the FMC virtual? if so, you could run a snapshot before starting the
upgrade just incase you need to revert back.

Note patches can be uninstalled but major releases (eg 6.x) cannot be.

Hope this helps
Beginner

Re: Anyone brave enough to try 6.3.0 yet?

on 6.2.3.6( 9300)

 

thanks