Solved: ISE patches - Safe to remove old ones?

innovative_elephant · ‎05-14-2019

Is it recommended to remove old ISE patches? Cisco states that,"Patches are cumulative such that any patch version also includes all fixes delivered in the preceding patch versions." I've just installed Patch 8 for 2.4 and would like to remove the old Patch 5 if possible.

Jason Kunst · ‎05-14-2019

Just leave them alone, there is not harm, patch 8 would have overwrote anything else regardless so there is no impact in the system

View solution in original post

Damien Miller · ‎05-14-2019

In order to do this you would have to remove patch 8, then remove patch 5, then install patch 8 again. It's not a process I would recommend unless there is a specific need.

Jason Kunst · ‎05-14-2019

Just leave them alone, there is not harm, patch 8 would have overwrote anything else regardless so there is no impact in the system

Arne Bier · ‎05-14-2019

I have been meaning to ask this question for some time now - glad someone beat me to it. I have been deleting the files from the CLI of the nodes - that's as far as you can go. There is no other user accessible "cleanup" to remove old stuff. Rebuilding a PAN is the only way I know to get rid of legacy patches.

I have poked around the Linux filesystem though and noticed that the old patch files are lying around. Removing them makes a VM a lot smaller (after you compress the VM with vm-tools). I am not advocating this for production systems - but for labs where SSD is scarce, I remove all the junk lying around (including upgrade files, patch files and old logs).

I like my house tidy :-)