06-05-2015 02:36 AM - edited 03-11-2019 11:03 PM
Hi community,
This thread is for all of us who always puzzle over which 9.x version I have to take for my ASA 5500-X NGFW (in my case, a 5545-X).
The wish is to get the best minor version - the best maintained/updated, stable and suited version - without having to read the release notes of all minor versions every time.
Over time, Cisco has provided different minor releases, and none of them has EOL information, so we can say they are all valid:
9.0 is dead
9.1
9.2
9.3
9.4
compatibility matrix - http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html
Cisco Software Research - http://software.cisco.com/selection/research.html
Let us summarize the main differences between these minor versions to have a quick overview that helps all of us save time and be sure to take the version that fits best.
06-05-2015 03:00 AM
Hi,
For the ASA 5500-X device, I would recommend using the ASA 9.2.3 as suggested in the Cisco CCO page as well.
The ASA 9.1.6.x is the train which is recommended for the ASA 5500 series as they cannot run the ASA 9.2 and above. For example: ASA 9.4 for the PBR feature.
Other trains are also stable but the choice depends on the feature availability that is listed in the release notes.
Let me know if you have any queries.
Thanks and Regards,
Vibhor Amrodia
06-05-2015 03:46 AM
Hi Vibhor, thank you for your answer.
Of course I have recognized that there are recommended versions, but there must be a need or an idea behind Cisco providing so many different minor versions...
Well, when version 9.2.x is the recommended version, why does there exist a 9.3.x version and why do I need it... (and by the way, what causes the 9.2.x version to be recommended?).
For me as an end customer, there is definitely a tool needed which compares these different versions in a table. (As I remember, as an example, I could always compare Router IOS (e.g. 12.x) versions among themselves to see what the different versions have in common and what the differences are.)
06-05-2015 06:53 AM
tl;dr - Cisco will never please all the people all the time. :)
Cisco provides a lot of different versions for various reasons. Many customers' change management and configuration control regimes request Cisco continue to support a given release level in a desire (perhaps misguided but nevertheless deemed valid by those organizations) to not introduce instability to their systems.
Sometimes they have to go through an extensive regulatory or legally-mandated vetting process to make major upgrades. Thus it is attractive to them if Cisco can "keep alive" an older release with only necessary bug fixes being released - no new functionality added.
Other reasons include hardware support. As Vibhor mentioned, Cisco continues to update the releases supporting the older 5500 (non-X) series without Symmetric Multiprocessor (SMP) CPUs. The general policy is that Cisco will continue to provide support for 5 years following end of sales.
The recommended version (as noted with the gold star on the download page) is a judgement by the Business Unit based on input from both the TAC and Development engineering with respect to the stability and maturity of that release.
The versions newer than the recommended release are there to introduce new features and sometimes new hardware support. The leading-edge features are appealing to some customers because of the new functions they offer (as detailed in the release notes), but others may have a more risk-averse stand based on their business requirements.
If you want to learn more, there was a good TAC Security podcast on this topic back in 2013. Here is a link to the show.