Re: Anyone brave enough to try 6.3.0 yet? - Page 2

matty-boy · ‎12-11-2018

As per title. Firepower 6.3.0 been out for 8 days now. Anybody tried it in production yet?

What's the lowdown on the good, the bad and the ugly?

We have a LARGE customer deployment that we need to upgrade from 6.2.2.X.

We're trying to decide whether to go to 6.2.3.7 or 6.3.0....

Cheers,

Matt.

joedansereau · ‎12-12-2018

not yet, the pre-install guide says there is a pre-installation file necessary when upgrading from 6.2.x ( https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/version_specific_guidelines.html#id_70638 ). There is no file on the download site. I have a ticket open with TAC about the issue

Abheesh Kumar · ‎12-12-2018

I have upgraded FMC without any pre install patch from 6.2.3.4

Alexander Hartmaier · ‎12-12-2018

Yes and immediately discovered a REST API bug:

Each literal IP address is returned as type:"FQDN" which when used to push a new rule to an access policy results in no error but the rule just missing all literal IPs resulting in an any rule.

brian.black · ‎12-14-2018

I upgraded my ASA 5508-X with Firepower services from 6.2.3.7 to 6.3.0 without issue.

andre.baumgarten · ‎12-12-2018

Hi

i upgraded my lab successfully without any issues. Good stuff in 6.3

- device backups for ftd

- in Fdm finally ha

- ttl decrement natively in a new service policy

- fqdn objects in acp

- better integration in Threat response

we have also big customers with ftds. My advice to Maneged service will be to upgrade as soon patch 2 is available. I do not use .0 releases in production. But at latest with patch 2 (6.3.2) I assume this release is ready for the customer.

Andre

HQuest · ‎12-12-2018

Running 6.3.0 here.

Hint for the ones going towards 6.2.3/6.3.0: Make sure you do not have EC certificates. It breaks deployment and system initialization.

CSCvn10754 - Cannot create objects with Elliptic Curve certificates for HTTPS access on FMC

Other than that, no much changes from previous versions. Running a 100+ devices deployment, ranging from small to large appliances, with and without ACI integration.

Abheesh Kumar · ‎12-13-2018

Deployment failure bug reported for few versions and 6.3.0 is also affected.
CSCvi25965

wibarrer · ‎01-07-2019

Hello,

We have an upcoming upgrade from v6.2.3.5 to v6.2.3.8, but not quite sure if 6.2.3.8 and 6.3.0 fixes defect CSCvi25965 as both versions are listed on the affected releases. The workaround listed is "Roll back the SRU that caused the policy deployment to fail", not quite sure that I would recommend this to my customer since they're currently on the RRR due to this defect.

Anyone who can share additional input on this defect is much appreciated.

phil.hydea · ‎01-07-2019

Hi Wibarrer

This bug is not fixed in V6.2.3.8 or V6.3 (according to the release notes).

Is the FMC virtual? if so, you could run a snapshot before starting the
upgrade just incase you need to revert back.

Note patches can be uninstalled but major releases (eg 6.x) cannot be.

Hope this helps

mnair · ‎01-23-2019

on 6.2.3.6( 9300)

thanks