Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1412
Views
5
Helpful
6
Replies

WSA upgrade for approaching EoL release

Go to solution
MehnazKhan2492
Level 1
Level 1

‎04-17-2021 07:47 PM

We have a WSA environment with SMA 

 

WSA s170 running on  10.1.0-204

 

SMA running on 10.1.0-037

 

I am looking for the recommended releases if I go by document there are various options and upgrade path is required. Can we upgrade to the new version via recommended path or just keep the WSA running on next version for sometime before targeting for latest version.

 

 

Also, if I check via CLI upgrade command it gives us slight different options, what is the best practice like follow the CLI or go by Cisco documentations.

 

 

Also I would like to know if there is a way to uprgade via CLI and any step by step instructions as it failed on few occasions in the past.

 

 

Regards,

Meh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to MehnazKhan2492

‎04-18-2021 06:51 AM

S170 is EOL soon, what is the options you see in the Software upgrade, ?

 

SMA should be first 13.X before you upgrade, then Upgrade WSA to 12.X or 13.X  based on the requirement.

 

What is the model of SMA ?  SMA release notes.

 

https://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-release-notes-list.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-18-2021 01:36 AM

There is no CLI Upgrade - GUI Upgrade gives you clear steps and what version versions available to upgrade.

 

Upgrade approach :

 

1. SMA always needs to be a higher version compatible with WSA Version you upgrading.

2. Look at the release notes you can see a compatible version.

3. From 10.X  you can go 11.X 12.X whatever desired version. 13.X  is the latest with many bug Fixes. 14.X is on way.

 

To save time, always download the package first to the box, so your installation only takes less than 10-15min and the reboot process takes place?

 

If you have a high availability environment, Upgrade 1 at a time and test it. before upgrade another one

Bare in mind rollback to old version really pain not that straight forward.

Always offload working configuration out of the box each kit

 

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
MehnazKhan2492
Level 1
Level 1
In response to balaji.bandi

‎04-18-2021 03:46 AM - edited ‎04-18-2021 03:48 AM

Thanks Balaji 

 

Since SMA is the management box and I have 2 WSA in main DC in HA and 1  WSA in DR as virtual

 

Can I upgrade SMA to 13.x which has bug fixes in first window and keep the WSA to 10.x and then move wsa to 12.x via upgrade path ?

 

Can you clarify offload working configuration and download package, is it like I need to place the files on some download servers or locally on the box . I was told by one of the resources that you need to first check the available upgrade versions via CLI and then we can decide the upgrade path. What are the various paths in general from 10.x 

 

Does SMA to 13.x is the direct upgrade or few steps upgrade ? What is the sequence we need to follow if I need to upgrade SMA and WSA in one window to latest releases

 

1) 1 SMA 10.x

2) 2 WSA in DC ( production ) 10.x

3) 1 WSA in DR virtual 10.x

 

 

 

 

Regards,

Meh

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to MehnazKhan2492

‎04-18-2021 06:51 AM

S170 is EOL soon, what is the options you see in the Software upgrade, ?

 

SMA should be first 13.X before you upgrade, then Upgrade WSA to 12.X or 13.X  based on the requirement.

 

What is the model of SMA ?  SMA release notes.

 

https://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-release-notes-list.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
MehnazKhan2492
Level 1
Level 1
In response to balaji.bandi

‎04-20-2021 01:11 PM

Thanks Balaji, 

 

My bad I am using S190 and M190, so do I need to complete the upgrade in one cycle or I can run 10.x with 13.x SMA.

 

Thanks for your help !!

 

Regards,

Meh

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to MehnazKhan2492

‎04-20-2021 11:48 PM

It all depends on Downtime you get from Business, You can upgrade all with compatable matrix as mentioned by me before.

 

but you can upgrade and join them back also later. as long as you get correct upgrade version show in software upgrade that means its ready to upgrade.

 

as mentioned save time, download and keep ready, when you like to install, install just to saves lot of time.

 

if the device is up for Longer days, suggest to reboot before you upgrade, i have enocunter some issue with Long uptime.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents