As per title. Firepower 6.3.0 has been out for 8 days now. Has anybody tried it in production yet?
What's the lowdown on the good, the bad and the ugly?
We have a LARGE customer deployment that we need to upgrade from 6.2.2.X.
We're trying to decide whether to go to 220.127.116.11 or 6.3.0....
Not yet. The pre-install guide says there is a pre-installation file necessary when upgrading from 6.2.x (https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/version_specific_guidelines.html#id_70638). There is no file on the download site. I have a ticket open with TAC about the issue.
Yes, and immediately discovered a REST API bug:
Each literal IP address is returned as type:"FQDN", which, when used to push a new rule to an access policy, results in no error, but the rule is just missing all literal IPs, resulting in an any rule.
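A pre-push guard for the behaviour reported above, as an added example that is not part of the original post and is not Cisco code: it finds literals labelled "FQDN" whose value is actually an IP address or CIDR and retypes them before the rule is sent. The field names (`sourceNetworks`, `destinationNetworks`, `literals`) and the `Host`/`Network` type strings are assumptions about the rule JSON, and `SAMPLE_RULE` is constructed.

```python
import copy
import ipaddress

# Assumed layout (not from the post): each of these keys holds a "literals"
# list of {"type": ..., "value": ...} dicts.
NETWORK_FIELDS = ("sourceNetworks", "destinationNetworks")

# Constructed sample of a rule as read back with mislabelled literals.
SAMPLE_RULE = {
    "name": "example-rule",
    "action": "ALLOW",
    "sourceNetworks": {"literals": [
        {"type": "FQDN", "value": "10.1.2.3"},
        {"type": "FQDN", "value": "192.168.0.0/24"},
        {"type": "FQDN", "value": "my-host.example.com"},  # genuine FQDN
    ]},
    "destinationNetworks": {"literals": [{"type": "Host", "value": "172.16.5.9"}]},
}


def ip_literal_type(value):
    """Return 'Host' or 'Network' when value parses as an IP literal, else None."""
    try:
        ipaddress.ip_address(value)
        return "Host"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(value, strict=False)
        return "Network"
    except ValueError:
        return None


def retype_literals(rule):
    """Return (fixed_copy, findings); findings lists (field, value, new_type)."""
    fixed = copy.deepcopy(rule)
    findings = []
    for field in NETWORK_FIELDS:
        for lit in fixed.get(field, {}).get("literals", []):
            expected = ip_literal_type(str(lit.get("value", "")))
            if lit.get("type") == "FQDN" and expected:
                findings.append((field, lit["value"], expected))
                lit["type"] = expected
    return fixed, findings
```

After pushing, reading the rule back and comparing its literal count against what was sent catches the silent drop to an any rule.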
I upgraded my lab successfully without any issues. Good stuff in 6.3:
- device backups for FTD
- in FDM, finally HA
- TTL decrement natively in a new service policy
- FQDN objects in ACP
- better integration in Threat Response
We also have big customers with FTDs. My advice to Managed Service will be to upgrade as soon as patch 2 is available. I do not use .0 releases in production. But at the latest with patch 2 (6.3.2) I assume this release is ready for the customer.
Running 6.3.0 here.
Hint for the ones going towards 6.2.3/6.3.0: Make sure you do not have EC certificates. It breaks deployment and system initialization.
CSCvn10754 - Cannot create objects with Elliptic Curve certificates for HTTPS access on FMC
We have an upcoming upgrade from v18.104.22.168 to v22.214.171.124, but are not quite sure if 126.96.36.199 and 6.3.0 fix defect CSCvi25965, as both versions are listed in the affected releases. The workaround listed is "Roll back the SRU that caused the policy deployment to fail"; I'm not quite sure that I would recommend this to my customer, since they're currently on the RRR due to this defect.
Anyone who can share additional input on this defect is much appreciated.