Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5976
Views
0
Helpful
13
Replies

Ironport WSA Async OS upgrade

kumaraguru.rajendran
Level 1
Level 1

‎09-10-2012 08:25 AM

Hi All,

We are using ironport S670 with AsyncOS version 6.3.7-018 . We are planning to upgrade the Async OS to new version 7.5.0-826. As we are new to this WSA we need the procedure and steps to upgrde.

Kindly someone helps us upgrading.

Guru       

Guru
Labels:
0 Helpful
13 Replies 13

Ken Stieers
VIP
VIP

‎09-10-2012 08:31 AM

If you go to the bottom of the email that you got from Cisco... its there...(I've copied the relevent section below)

You REALLY need to read the release notes... There's a fair number of changes that you need to know about.

 

For further information about this release, please refer to the AsyncOS Release Notes. The release notes are available on our Support Portal:

WSA: http://www.cisco.com/en/US/products/ps10164/prod_release_notes_list.html

SMA: http://www.cisco.com/en/US/products/ps10155/prod_release_notes_list.html

If you do not have a Cisco.com User ID use this link to register.

You will need to use your new or existing Cisco.com User ID. Once you have received your Cisco User ID, please link it to your Cisco Service Contract Number.

Instructions for linking your account are located at:  http://www.ironport.com/support/vod2.html.

Your Cisco Service Contract Number is xxxxxxx

If you are concerned about an issue not listed there, please contact your authorized support provider to make an inquiry.

How to Upgrade

Prior to upgrading to this release, please read the Release Notes referenced above and save a copy of the configuration file somewhere other than on your appliance.

Once you have read the Release Notes you may log into the command line of your IronPort Appliance as the 'admin' user, and type 'upgrade', or use the WebUI upgrade functionality in the 'System Administration' tab.
You may upgrade directly to the highest version available in the displayed list.

**NOTE** It is important that you follow the upgrade instructions available in the Release Notes. If you do attempt to upgrade and do not see the desired release version available, your appliance is likely not on a version allowed to upgrade directly. See 'Upgrade Paths' below.

Upgrade Paths

Please refer to the Release Notes for qualified upgrade paths.
If your systems are on any other AsyncOS release, you will need to perform multiple upgrades as specified in the release notes. Only the immediate next step in the upgrade path will be shown to you, with the next revision being shown once you are at the approved level.

0 Helpful

kumaraguru.rajendran
Level 1
Level 1
In response to Ken Stieers

‎09-11-2012 06:34 AM

Thanks Ken,

Guru

Guru
0 Helpful

muhammadaswad
Level 1
Level 1
In response to Ken Stieers

‎08-21-2021 07:08 AM

Hi Ken Stieers,

 

Just want to have more understanding, if currently, WSA appliance was running Firmware 11.8.0-453 version and I follow this step "Once you have read the Release Notes you may log into the command line of your IronPort Appliance as the 'admin' user, and type 'upgrade', or use the WebUI upgrade functionality in the 'System Administration' tab. You may upgrade directly to the highest version available in the displayed list.  " The available version that was shown was a Firmware 12.5.2-007  version.

 

Meaning to this, can my WSA appliance be upgraded directly from the 11.8.0-453 version to the 12.5.2-007 version?

 

This guide also works for ESA and SMA right?

 

 

 

 

 

 

Preview file
165 KB
0 Helpful

Christian Rahl
Level 1
Level 1

‎09-10-2012 09:56 AM

Hey Guru,

The above steps are a very good idea to follow.  I typically prefer using the CLI as you can see more information about what is happening during the upgrade process.

I went ahead and verified that you can go directly from 6.3.7-018 to 7.5.0-826.

Make sure that when you backup your configuration file you do not mask the passwords.

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport: 1-877-641-IRON (4766)

0 Helpful

kumaraguru.rajendran
Level 1
Level 1
In response to Christian Rahl

‎09-11-2012 06:42 AM

Hi Chris,

After upgrade is there any change will occur in my existing configuration. Also is it good to upgrade the WSA from 6.3.7-018 to 7.5.0-826.

Guru

Guru
0 Helpful

Christian Rahl
Level 1
Level 1
In response to kumaraguru.rajendran

‎09-11-2012 06:49 AM

Some of the categories might be changed around. Can you check your Acceptible Use Controls and see if you are using Ironport Url or Cisco Ironport Web Usage Control?

Christian Rahl

0 Helpful

kumaraguru.rajendran
Level 1
Level 1
In response to Christian Rahl

‎09-11-2012 07:06 AM

We are using Cisco Ironport Web usage control also the dynamic content analysis engine enabled.

Guru

Guru
0 Helpful

Ken Stieers
VIP
VIP
In response to kumaraguru.rajendran

‎09-11-2012 08:15 AM

There are some category changes (some elminated, some merged, some added), so you'll want to review those and make sure its blocking/not blocking the ones you want.

The whole application engine is new, so you'll need to look at that policy section and see if you want to block specific behaviors per application (eg, they can post to facebook, but not chat...)

What do you mean by "is it good to upgrade from 6.3 to 7.5"?   It has been tested and confirmed to work.  There's no caveats that say that you shouldn't.  Just keep in mind there has been a lot of change, so you'll want to look through your config and make sure its doing what you want it to do.

Ken

0 Helpful

jfafinski
Level 1
Level 1
In response to Ken Stieers

‎09-19-2012 07:03 AM

Hi,

We upgraded to 7.5.0-826 two S370WSA appliances on monday. Since upgrade both S370 Appliances report about 80% RAM utilisation (it was about 5% before upgrade)

Do you know if it is normal with this new version? Users don't seem to be inpacted for the moment.

Thanks

Jim

0 Helpful

bkoch1
Level 1
Level 1
In response to jfafinski

‎09-16-2014 08:41 AM

Since the WSA 370 comes with only 4GB of RAM, would it be wise to upgrade the amount of memory?

0 Helpful

Ken Stieers
VIP
VIP
In response to bkoch1

‎09-16-2014 09:10 AM

I was at a client advisory board meeting a couple of years ago and asked that question and got a lot of hemming and hawing... about tuning, and OS config, etc.

When it gets down to it, some of that tuning stuff requires you to get into the OS and tweak things... Or they have to build the hooks in so you can tweak them from the CLI or gui, which hasn't been done yet...   They know its an issue, VM's make it even more apparent...

 

0 Helpful

frank.brodbeck
Level 1
Level 1
In response to Ken Stieers

‎09-24-2012 02:11 AM

I have the same problem here but with 7.5.0-833. Reportet RAM util is going up to 80%, back down again just to rise up to 80% again...

Did you still have that problem? If not, what did you do to get rid of it?

Thanks,

Frank.

0 Helpful

jfafinski
Level 1
Level 1
In response to frank.brodbeck

‎09-24-2012 02:34 AM

Hi,

Don't worry, I've contacted cisco TAC for this problem. This is normal in this release.

Have a look:

The following Knowledge Base article addresses your question:

High RAM utilization on the S-Series appliance

Symptoms:

The S-Series appliance shows RAM utilization above 80% even when idle.

High RAM utilization is normal for the Web Security Appliance. For performance reasons, the S-Series appliance uses all available memory for caching Internet content. No action is required.

External Link:

https://ironport.custhelp.com/app/answers/detail/a_id/1311

Have a nice day

0 Helpful
Customers Also Viewed These Support Documents