Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1189
Views
5
Helpful
8
Replies

Current best version for S370 WSA

tahscolony
Level 1
Level 1

‎02-17-2016 07:59 AM

I have a unit being replaced, and the 8.5.2-027 version does not support the latest TLS, which many sites are now using, and is causing issues. Some are completely blocked so we have to bypass them.  I also need to set it up for Citrix users, using session cookies, so want to get the most stable, but latest version I can installed before I reconfigure it.  I have been receiving bug reports daily on WSA, and it seems that just about every version has some sort of issue, including the latest releases.

Here is a good example

Alert Type:

New

Bug Id:

CSCuy30247

Title:

Add a watchdog timer for counterd-x process on WSA

Status:

Open

Severity:

2 Severe

Description:

Symptom:
Reporting will stop working on WSA due to counterd-x process being stuck at 100% CPU usage
- SMA will stop getting data from WSA when WSA is hung in this state

Conditions:
WSA running AsyncOS version 9.0.x and above

Workaround:
Reboot the WSA
or
Contact Cisco TAC & TAC can restart the process from backend

Further Problem Description:

Last Modified:

16-FEB-2016

Known Affected Releases:

9.0.0-485, 9.0.1-135

Known Fixed Releases:
Labels:
0 Helpful
8 Replies 8

Tao Yang
Cisco Employee
Cisco Employee

‎02-17-2016 06:37 PM

WSA AsyncOS version 9.0.1-161 has just been GD released which fully supports TLS 1.1, TLS 1.2.

Here is the release notes.

http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa9-0/WSA_9-0-x_Release_Notes.pdf

tahscolony
Level 1
Level 1
In response to Tao Yang

‎02-18-2016 05:52 AM

I just saw that this morning, which is good news, looks like they were busy getting all the bugs patched.  I got the  replacement box yesterday, and plan to get it up and running today.  I also noticed their page for getting files for local server support doesn't work. I put the serial and other information in and get back a blank page.  Was hoping to use that to get the OS so that I can do this off net.

0 Helpful

tahscolony
Level 1
Level 1
In response to tahscolony

‎02-18-2016 09:51 AM

Well it appears GETTING to this will be more difficult than planned.  I am stuck between 7.5.2-304 and the next step. The damned Raid controller patch is not listed, and the upgrades wont continue without it.

Now to wait until TAC can figure this one out.

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to tahscolony

‎02-21-2016 09:41 PM

You will need to get TAC to manually provision the RAID firmware update that require for S370 appliance that will be running AsyncOS version 7.7 and above since there are significant difference in OS from 7.5 to 7.7 (move to 64 bit OS)

Once this image has been provisioned, you can then perform the RAID firmware update (reboot required). Once done, check the CLI of the appliance and issue 'version' command to make sure the RAID is showing version 1.22.52, such as below example:

Current Version
===============
Product: Cisco S670 Web Security Appliance
Model: S670
Version: xxxxxxxx
Build Date: 2016-01-25
Install Date: 2016-01-29 13:16:44
Serial #: xxxxxxxxxx
BIOS: 2.2.17
RAID: 1.22.52-1909, 2.04.00, 1.02-015B
RAID Status: Optimal
RAID Type: 10
BMC: 1.85

0 Helpful

tahscolony
Level 1
Level 1
In response to Handy Putra

‎02-22-2016 05:57 AM

I did, after about 6 attempts at explaining that is was not listed, including copying and pasting the upgrade list, she finally got it.  Got the controller upgrade installed, ran the next upgrade which took 8 hours or more, and now I am trying to determine if the upgrade even took. I connected to the console just now and it showed the old version, but didn't prompt for login, which makes me think it didn't reboot when it completed.

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to tahscolony

‎02-23-2016 04:48 PM

normally when after upgrade and still showing the old version instead of the upgrade version, the appliance failed to transfer across from upgrade partition to the boot partition.

Usually due to the appliance failed to reboot gracefully and normal workaround is to hard reboot the appliance to force this partition migration.

0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee
In response to Tao Yang

‎02-18-2016 12:04 PM

Quick update: 9.0.1-162 was just released in place of 9.0.1-161.

-Robert

Cheers,
Robert Sherwin
0 Helpful

tahscolony
Level 1
Level 1
In response to Robert Sherwin

‎02-18-2016 12:28 PM

I see that now in the list, 161 is gone.

coeus-9-0-1-162

Now if I could only get TAC to figure out why I cant see the raid controller patch under upgrade, I can get this darned thing done and off my desk.

0 Helpful
Customers Also Viewed These Support Documents