17.3.3 i am running and stable so far.

Thank you both, 

what are the new features that are in 17.x that are not in 16.x . if I use 17.x.x, is it memory intensive on 9200/9300? is that why @leo lahoo advising to use 16.12. on 9200's?

I was mainly concerned that 17.x is for SD WAN which we dont use and I know there are vulnerabilities relating to SD WAN a lot

---

@NetworkGuy!  wrote:

what are the new features that are in 17.x that are not in 16.x .

---

Read the Release Notes.

---

@NetworkGuy!  wrote:

if I use 17.x.x, is it memory intensive on 9200/9300

---

I cannot answer that question because I do not know what features, settings and configuration is enabled on the network.  

---

@NetworkGuy!  wrote:

is that why @leo lahoo advising to use 16.12. on 9200's?

---

Read the Release Notes.  Look at the Open Caveats section.  For the 9200, it is better to use 16.12.X than 17.3.X. 

For the 9300, it is better to use 17.3.X.

---

@NetworkGuy!  wrote:

I know there are vulnerabilities relating to SD WAN a lot

---

You "know" or you "read"?  If someone has taken the time to thoroughly read the Release Notes, it will lead to the Security Bulletin.  The Security Bulletin will have detailed information about what versions are affected, workarounds and fixed versions.  If no one bothers to read the Release Notes and Security Bulletin, then ... ¯\_(ツ)_/¯

checking, for ISR 4400 what would you recommend?

---

@NetworkGuy!  wrote:

for ISR 4400 what would you recommend?

---

Without knowing about the network involved, I would say 16.6.X.

@jmcgrady1, avoid using a train that supports Cisco Smart License. 

For switches, CSL support starts at 16.9.X.  For routers, CSL support starts at 16.10.X.

Have a read:  IOS-XE leaks like a sieve