ISE version suggestion 2.7 or 3.0

Madura Malwatte · ‎12-08-2020

I have a customer running ISE 2.4 looking to upgrade. The current ISE golden image version is 2.7. But 3.0 is also available and it seems this will be the long term build going forward. I understanding the licensing implications of 3.0.

Based on this https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-740738.html 2.7 will have EoL notice in 6 more months and end of sw maintenance in 2 years. So torn between whether to go with 2.7 or 3.0. Upgrade planned for early next year.

Damien Miller · ‎12-08-2020

I might go with 3.0 for a brand new build, but I would still go with 2.7 for any production upgrades. It really comes down to the risk tolerance, if there isn't an immediate need for 3.0 features, then I would play it safe.

Mohammed al Baqari · ‎12-09-2020

Hi,

I agree with @Damien Miller. The only addition I have is to consider
compatibility with other integrations. There are a lot of
integrations which don't support 3.0 yet. For example, FMC 6.7,
although its working in my lab with ISE3.0, ISE3.0 is not listed in the
supported releases. I know Palo Alto PxGrid integration breaks, etc.

**** please remember to rate useful posts

marce1000 · ‎12-09-2020

- Hmmm, somewhat aligned with other comments : ISE is usually very business critical , then a new dot-zero release and no patched yet -> no way. If patches start appearing I might relax my view.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Mike.Cifelli · ‎12-09-2020

Agreeing on the 2.7 comments. 2.7p2 is what I would recommend right now at this point in time today. Note that patch3 is due to hit the street in the very near future. I have also heard 3.0 currently has quite a few bugs and as mentioned already integration issues. HTH!