Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
2
Replies

ISE 2.2 recommended version

Go to solution
Is101008
Level 4
Level 4

‎12-28-2018 09:59 AM

Hi

 

we have a customer that has ISE 2.2 Patch 7 in production. What is the TAC recommended version right now (Dez 2019) ? ISE 2.2 patch X or already 2.4 ?

 

If 2.2 with a certain patch level => did anybody face problems when upgrading ?

 

Thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎12-28-2018 11:01 AM

ISE 2.2 is a long term support release, as 2.4 will also be.  The BU has recently added recommendations to the ISE software download page, 2.4 is now the "gold star" release when used with patch 5.  Your customer should start planning an upgrade to 2.4, but they can stay on 2.2 for the foreseeable future (until EOS is announced at least) if they do not require any new features.  

 

2.2 patch 11 and 2.4 patch 4 were deferred, both releases had an AD bug regression that you either hit or didn't.  2.2 Patch 12 or 2.4 patch 5 are both considered stable and I would run either in production.  The release notes for each release will cover the resolved bugs per patch level, the most recent patch including all previous patch fixes as well. 


Resolved caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-810214

 

2.2 open caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-747245

 

As with any ISE upgrade/patch, review the release notes, review the bug tracker, test in a QA environment if available.  At least with ISE patching, if you encounter any show stopping bug, rolling back is relatively painless.  

ise-rec.JPG

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎12-28-2018 10:17 AM

I suggest to move from 2.2 because it wasn't' a stable release. There are
many patches released for it which is a good thing but further versions
uses policy-sets instead of policies for authentication and authorization
which might be a significant change for future. Hence I suggest to move
asap.
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎12-28-2018 11:01 AM

ISE 2.2 is a long term support release, as 2.4 will also be.  The BU has recently added recommendations to the ISE software download page, 2.4 is now the "gold star" release when used with patch 5.  Your customer should start planning an upgrade to 2.4, but they can stay on 2.2 for the foreseeable future (until EOS is announced at least) if they do not require any new features.  

 

2.2 patch 11 and 2.4 patch 4 were deferred, both releases had an AD bug regression that you either hit or didn't.  2.2 Patch 12 or 2.4 patch 5 are both considered stable and I would run either in production.  The release notes for each release will cover the resolved bugs per patch level, the most recent patch including all previous patch fixes as well. 


Resolved caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-810214

 

2.2 open caveats
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/release_notes/ise22_rn.html#pgfId-747245

 

As with any ISE upgrade/patch, review the release notes, review the bug tracker, test in a QA environment if available.  At least with ISE patching, if you encounter any show stopping bug, rolling back is relatively painless.  

ise-rec.JPG

0 Helpful
Customers Also Viewed These Support Documents