cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
708
Views
0
Helpful
2
Replies

ISE 2.2 recommended version

Is101008
Level 4
Level 4

Hi

 

we have a customer that has ISE 2.2 Patch 7 in production. What is the TAC recommended version right now (Dez 2019) ? ISE 2.2 patch X or already 2.4 ?

 

If 2.2 with a certain patch level => did anybody face problems when upgrading ?

 

Thanks

 

1 Accepted Solution

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni

ISE 2.2 is a long term support release, as 2.4 will also be.  The BU has recently added recommendations to the ISE software download page, 2.4 is now the "gold star" release when used with patch 5.  Your customer should start planning an upgrade to 2.4, but they can stay on 2.2 for the foreseeable future (until EOS is announced at least) if they do not require any new features.  

 

2.2 patch 11 and 2.4 patch 4 were deferred, both releases had an AD bug regression that you either hit or didn't.  2.2 Patch 12 or 2.4 patch 5 are both considered stable and I would run either in production.  The release notes for each release will cover the resolved bugs per patch level, the most recent patch including all previous patch fixes as well. 


Resolved caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-810214

 

2.2 open caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-747245

 

As with any ISE upgrade/patch, review the release notes, review the bug tracker, test in a QA environment if available.  At least with ISE patching, if you encounter any show stopping bug, rolling back is relatively painless.  

ise-rec.JPG

View solution in original post

2 Replies 2

I suggest to move from 2.2 because it wasn't' a stable release. There are
many patches released for it which is a good thing but further versions
uses policy-sets instead of policies for authentication and authorization
which might be a significant change for future. Hence I suggest to move
asap.

Damien Miller
VIP Alumni
VIP Alumni

ISE 2.2 is a long term support release, as 2.4 will also be.  The BU has recently added recommendations to the ISE software download page, 2.4 is now the "gold star" release when used with patch 5.  Your customer should start planning an upgrade to 2.4, but they can stay on 2.2 for the foreseeable future (until EOS is announced at least) if they do not require any new features.  

 

2.2 patch 11 and 2.4 patch 4 were deferred, both releases had an AD bug regression that you either hit or didn't.  2.2 Patch 12 or 2.4 patch 5 are both considered stable and I would run either in production.  The release notes for each release will cover the resolved bugs per patch level, the most recent patch including all previous patch fixes as well. 


Resolved caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-810214

 

2.2 open caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-747245

 

As with any ISE upgrade/patch, review the release notes, review the bug tracker, test in a QA environment if available.  At least with ISE patching, if you encounter any show stopping bug, rolling back is relatively painless.  

ise-rec.JPG