Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1299
Views
10
Helpful
2
Replies

Upgrade Async OS - Best Practice Guide

Go to solution
Gabriel Grabner
Level 1
Level 1

‎01-07-2021 11:02 PM

Hi there!

We are running 2 Cisco S390 WSA on the AsyncOS 10.1.1, which are managed by the Cisco M100V SMVA on AsyncOS 10.1.0.

We need to upgrade the AsyncOS to at least version 10.5.x so we can use external feeds for O365.

Is there any best practice guide how to do this properly? e.g. first updating the SMVA and then the 2 WSA? Or other way round?

On the S390 WSA the only upgrade availible is for AsyncOS 10.1.2 - how do i get them to 10.5.x?

 

Any help appreciated.

Thank you in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-08-2021 04:54 AM

Steps suggest as below :

 

1. Take the backup config of WSA seperately out of the box without masking password.

2. Take backup of SMA out of the box

3. read the release notes very carefully and understand any caveats.

4. First always need to upgrade the SMA higher version which has support lower version WSA  (but some case you can upgrade SMA, not required WSA to support version, but you can upgrade WSA also same time - so SMA can interact with WSA.

 

If you 2 WSA managed by SMA. ( make the change freeze no changes while upgrade take place any of the kit)

 

best is make fail over all the load to 1 WSA, and upgrade SMA and WSA (standby by one)

Test offline working as expected all feature. and failover Live traffic to new upgrade SMA - WSA (if all good)

upgrade OLD version of WSA and join back to SMA and cluster (or any other way it was deployed)

 

is this make sense ?  

 

Upgrade is simple, preparation take long time, simple follow below steps to meet to target version.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117854-technote-esa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-08-2021 04:54 AM

Steps suggest as below :

 

1. Take the backup config of WSA seperately out of the box without masking password.

2. Take backup of SMA out of the box

3. read the release notes very carefully and understand any caveats.

4. First always need to upgrade the SMA higher version which has support lower version WSA  (but some case you can upgrade SMA, not required WSA to support version, but you can upgrade WSA also same time - so SMA can interact with WSA.

 

If you 2 WSA managed by SMA. ( make the change freeze no changes while upgrade take place any of the kit)

 

best is make fail over all the load to 1 WSA, and upgrade SMA and WSA (standby by one)

Test offline working as expected all feature. and failover Live traffic to new upgrade SMA - WSA (if all good)

upgrade OLD version of WSA and join back to SMA and cluster (or any other way it was deployed)

 

is this make sense ?  

 

Upgrade is simple, preparation take long time, simple follow below steps to meet to target version.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117854-technote-esa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Ken Stieers
VIP
VIP

‎01-08-2021 06:16 AM

To get to any version of 10.5.x you need to be at 10.1.1-234.

You're so far behind, you'll have to do multiple upgrades on the WSA's.



10.5.x release notes are here:

https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa_10-0/WSA_10-5-x_Release_Notes.pdf



If you're using the O365 feed, you may want to consider 11.8

MS includes a bunch of crap in the feed that their published Add-ins work with that you may not want open to your users...

Facebook comes to mind.

Starting in 11.8.0-414 has ways to create exceptions for that...

11.8 release notes are here: https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa11-8/WSA_11-8_Release_Notes.pdf






Customers Also Viewed These Support Documents