
WSA S600V software version

keithsauer507
Level 5

Hi, we have an S600V virtual WSA on 11.5.1 build 124. A vulnerability assessment we had done by a third party said this was an old version, and that a vulnerability, CSCvk68106, is fixed in 11.5.2.020.

I go to check for updates and it shows 11.5.1 build 125 is available for upgrade. It does not offer 11.5.2, and judging by the date on 11.5.1 build 124 I wouldn't be surprised if there are even newer software versions available.

 

Is there a changelog of the software updates available and how can I jump to the latest, most stable?  Or do I have to keep going in order with whatever is offered in the check for update section?


WSA 11.8.1-023 is the latest GA/maintenance deployment.
Release notes for all releases are here:
https://www.cisco.com/c/en/us/support/security/web-security-appliance/products-release-notes-list.html?

The release notes for 11.8.1
https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa11-8/WSA_11-8_Release_Notes.pdf

say you can upgrade to that version from any of these:

* 11.5.1-115
* 11.5.1-125
* 11.5.1-504
* 11.5.1-603
* 11.5.2-020
* 11.5.3-007
* 11.5.3-016
* 11.7.0-334
* 11.7.0-406
* 11.7.0-407
* 11.7.0-418
* 11.7.0-704
* 11.7.1-006
* 11.7.1-020
* 11.7.1-043
* 11.7.1-045
* 11.7.1-049
* 11.8.0-348
* 11.8.0-414
* 11.8.0-429
* 11.8.0-440
* 11.8.0-446
* 11.8.0-450
* 11.8.0-453


I've been on 11.80-453 for a while with no issues...

Ken

Wow, that's a big version number jump from what we have. I guess I need to go to the only upgrade version it's offering me first, then check for updates and see what it offers me next, rinse and repeat.

To get to 11.8 I'm not on 11.5 yet, so maybe that's why it's not offered yet.

I did the one and only update that was offered, it rebooted, and now it's offering a whole ton of options, all the way to the 11.8.1 maintenance release. I tried the newest one offered and it took well over an hour to download the application and proceed, way past my hours, so the next morning (today) I logged in and went to the upgrade area and it said it was ready to do it, so I clicked next and it proceeded; it asked to reboot. After rebooting it came up still on the same version it was on. So I'm trying it one more time.

keithsauer507
Level 5

Yeah, I can't get it to update. It rebooted but it's still showing it's on 11.5.1-125.

Every time I go to upgrade options and try to install 11.8.1 build 023 it takes a long time, seems like it's installed, it reboots, but it remains on 11.5.1-125.

Ken, how did you get to the 11.8 series?

I tried going to 11.8.0 build 453 from 11.5.1-125. Again it spends an hour downloading and installing. It asks to reboot, so I select reboot. I watch the VM reboot and when it's back up I reload the web GUI and it's still on 11.5.1-125.

The dang thing won't update. I've had it with these terrible solutions. What else is out there?

I was able to slowly inch up to 11.7.1-049.

I cannot get to 11.8.1; it installs, reboots, but comes back up at 11.7.1-049. It's strange because this is a virtual appliance (S600V), so there shouldn't be any hardware incompatibilities.

Now when I check for updates it only lists one update available, 11.8.1 build 023. It doesn't even show 11.8.0.  So if I try this one and only update that is available, it wastes 45 minutes of my time downloading, installing, rebooting and returning back at 11.7.1.049.

You select it, hit proceed.  

It goes to downloading application for about a half hour or sometimes more.

You are notified that TLS 1.1 or higher is supported going forward, you click proceed.

It has progress like it is installing.

You are notified that you need to reboot for the upgrade to complete.  You click reboot.

In a few minutes, watching the VM's console, it eventually reboots.  

After it appears stable in the VM's console, you reload the web GUI. 

It still remains at 11.7.1.049.

Must have tried this update 4 times today. After every reboot it's still on the previous version. I give up. Cisco case 689027584 opened for this issue.

Issue is a bug

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr08420

 

If any access policies have Protocols or User Agents set to disabled, upgrading to 11.8.x will fail.  Will be fixed in 12.0.1.

Workaround: ensure all access policies are enabled, do the upgrade, and then, if you need to, disable the ones you had disabled.

Issue is there is no indication or notification or even an upgrade check in the UI (or SSH session) to warn the user of this, so a lot of time gets wasted.