11-13-2015 08:55 AM - edited 03-11-2019 11:53 PM
Greetings.
Beginning work on migrating from ASA 5550 to 5555-X.
Any recommendations for recent but STABLE ASA and ASDM versions?
Thank you.
11-13-2015 09:45 AM
That depends on your definition of "recent" ...
asa916-10 is very stable but is not really "recent". 9.2(4) is a suggested release, but for new deployments I would probably go for the newest 9.4.
11-13-2015 11:14 AM
Hi Karsten,
Going for "newest" doesn't fly around here. Let someone else bleed on that edge. (Getting too far behind isn't safe either, of course.)
BTW, 9.5.1 came out Oct 6.
Looks like 9.1.6(10) is actually newer (Sep 11) than 9.2.4, and 9.1.6(10) was recommended for our older 5550s. Since we'll have a mix in production for a while I'm inclined to go with 9.1.6(10) for consistency. Seeking additional input from other quarters.
Thank you.
11-16-2015 02:30 AM
Hi Leroy,
Sometimes looking at the date to decide which is the newest or oldest is not the correct way. These interim releases are all about having fixes for already existing defects which have been seen in that specific major release.
For your older 5550, 916-10 was suggested as it is the last and the latest version that the ASA5550 could support as of now (9.2.4 is not supported on the ASA5550).
Would recommend having the latest upgrade as it has the maximum bug fixes.
Hope it helps.
Regards,
Akshay Rastogi
11-16-2015 06:14 AM
Hi Akshay,
Thanks for the response. I don't understand how you can say the latest upgrade has maximum bug fixes. Bugs aren't discovered until the code is out in the field and reported by customers. And just because it's not a major (first number) release doesn't mean they haven't introduced new bugs. (I recently had an ISE bug introduced by a PATCH. It wasn't even a minor version increase.) I have little confidence in Cisco's, or any other vendor's, internal quality control.
The only way to know for sure if code is stable is to run it and see. So we seek others' actual experience as a starting point.
Thank you.
11-16-2015 06:33 AM
Hi Leroy,
When I say maximum bug fixes, it means the bugs that are already discovered in older releases. Sometimes those bugs are not fixed in the immediate maintenance release but are fixed in later versions. And as you are aware, maintenance releases take care of existing or potential bugs (not encountered by customers externally).
Also, bugs are sometimes encountered because of a specific kind of traffic profile. Therefore it is not always possible that you might see some issue with something and another might not. So your point is correct as well that the only way to be sure is to run it and see. That is why critical environments always run their code with their traffic profile in advance to check if their concerned traffic is working fine.
Regards.
Akshay Rastogi
11-16-2015 06:43 AM
Thank you for your thoughtful reply, Akshay.
Your point re bugs being specific to the environment, and doing thorough testing before placing into a critical environment is well taken.
It often seems the situation is the old code has old bugs and the new code has new bugs. We try to start with that sweet spot between old and new and once we have it actually working leave it alone as long as we can.
11-16-2015 06:43 AM
Hi Leroy,
You can follow the suggested releases on the CCO page (image with star symbol) for your firewall hardware, as it is suggested based on the stability of the image. Also, I would suggest you check the open caveats for a particular release to see if there is any defect that might affect your configuration. Sometimes an existing defect doesn't affect the configuration, as the network requirement differs from the trigger for the defect.
In case you are looking for a specific feature which is supported in the newer releases, then you can go for a newer release.
Here is a link that you can refer to for suggested releases:
https://software.cisco.com/download/release.html?mdfid=284143131&flowid=31545&softwareid=280775065&release=9.1.6%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest
And I think Akshay is talking about the latest interim release on a particular release train. The latest interim release will have the maximum bug fixes reported in that release train.
Hope it helps.
Thanks,
Rishabh Seth
11-16-2015 07:04 AM
Rishabh,
Thank you for your reply and your suggestions, this is helpful. We will take your and Akshay's advice into consideration.
Thank you.