1. take backup un encrypted first.

2. If you using SMA, then upgrade SMA first 

3. If you using the you need to change Configuration Manager to 15

4. I believe 14.5 directly check the matrix :

https://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/web-compatibility/index.html

5. read the release notes and understand the caveats :

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa-15-2/release-notes/release-notes-for-wsa-15-2.html

6. the rollback should be automatic, in case any issue you need to roleback check is the rollback available, you need to use command line for rollback.

7. Once success upgrade, make sure take back up fresh copy.

@balaji.bandi Thank you for the answer!

Yes I'm using SMA and can you tell me please how to upgrade SMA and the best practices for this process?

Thanks in advance!

@balaji.bandi The model of the WSA is Cisco S695.

@balaji.bandi Why I need to check the EOL, what can affect this?

Hello @Zaza1 

technically when we are upgrading you need to check the : 

[1] release notes:

[1-1] What is new : 

For example: In AsyncOS 15.2 and later releases, Smart Software License is mandatory

[1-2] Changes in Behavior 

For Example: After upgrading to 15.2.2-009, you can no longer enable Dynamic Conetent Analysis (DCA) feature from Secure Web Appliance.

[1-3] Known/fixed Issues 

Here are the links to the relevant release notes:

• Secure Web Appliance (WSA) Release Notes: WSA Release Notes

[2] If you are managing your WSAs with an SMA, we recommend reviewing the compatibility matrix to ensure seamless integration:

• Compatibility Matrix: SMA Compatibility Matrix
• Secure Email and Web Manager (SMA) Release Notes: SMA Release Notes

[3] If you have integrated the WSA with Cisco ISE, kindly check the compatibility Matrix as well:

https://www.cisco.com/c/en/us/td/docs/security/wsa/ise-matrix/ise-compatability-matrix-for-swa.html

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Now after the WSA upgrade I have slow performance.

Can somebody tell me why and how to resolve it?

Hello @balaji.bandi ,

I am facing an issue after SMA and WSA upgrade.

Issue is when I want to update Custom Categories on SMA and apply changes, we receive login page for WSA_SANDBOX I appreciate your help on fixing it.

SMA and WSA versions are as below:

SMA M195 version is 16.0.2-088

WSA S695 version is 15.0.0-355

Configuration Manager version is 15.0

@Zaza1 

kindly check this defect please : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq41875

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

@Zaza1 for the Slowness issue, 

kindly add these performance parameters to the Accesslogs: 

https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance-virtual/220456-configure-performance-parameter-in-acces.html

and open a TAC case, above fields will gives us more visibility on the WSA's internal process time.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++