34 Comments

  1. Rob M
    May 5, 2019 @ 12:56 pm

    So, once again Cisco makes their poor software QA their customer base's problem.

    Reply

    • lammle
      May 5, 2019 @ 5:20 pm

      seems that by now they’d get better at this, and .0 codes are always risky…

      Reply

  2. Abdullah
    May 6, 2019 @ 2:35 am

    Regarding the Cisco Alert I link below … the safe side recommendation is to go to 6.4.0, Not Vulnerable.

    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos

    From our side, we are going to upgrade 10 FTD firewalls to 6.4.0.

    Reply

    • lammle
      May 6, 2019 @ 4:56 am

      Wow, thank you for posting!

      Reply

  3. FP_guy
    May 7, 2019 @ 12:20 am

    We’ve been testing 6.4 beta and have now deployed into pre-production, and progress since 6.2.3.x is really not enough.
    6.3 was a mess and 6.4 is still unfortunately not solving our long-term issues.

    Reply

    • lammle
      May 7, 2019 @ 6:48 am

      there are more and more features coming out every week. But they are not up to what the ASA provides yet, but each week it gets better. I understand your frustration.

      Reply

  4. Jonathan
    May 7, 2019 @ 8:37 am

    Running Firepower FMC version 6.4 – Just found out Correlation Event emails are not working. The Events happen, but no emails being sent.

    Worked fine in FMC 6.2.3.6.

    Can anyone else test this? Have TAC case open.

    Reply

    • lammle
      May 7, 2019 @ 9:24 am

      yes, I will test it, but I’m at a customer today, and can get on this tomorrow!
      thanks for the heads up!

      Reply

  5. Fredrik Hofgren
    May 9, 2019 @ 6:20 am

    I agree you shouldn’t rush for a release just because. But we are forgetting one important new feature that, at least for me, is forcing my hand: the support for Microsoft Azure installation. It doesn’t justify pre-releasing an unfinished product, but in my case Azure support quite frankly allows me to continue using the Firepower brand altogether, since my employer is fast becoming an Azure-only shop.

    Reply

    • lammle
      May 9, 2019 @ 6:58 am

      Yes, that is true, and something not really brought up. The Azure support is great, but you can’t do a lot with FTD and Azure still….

      Reply

      • Fredrik Hofgren
        May 9, 2019 @ 9:01 am

        I wouldn’t say that. With a vFTD in Azure acting as the IaaS firewall you can basically set up a multi-zone network in Azure just as on any physical implementation and do away with the awkward Azure Network security groups. Now with 6.4 you can have the vFMC “on site” as well, which for me greatly reduces the strain on our hybrid links.

        Reply

        • lammle
          May 9, 2019 @ 10:14 am

          There were a couple of things that stopped me from using Azure for my FTD classes, things like no HA and no sub interfaces at this time.

          Reply

      • Fredrik Hofgren
        May 9, 2019 @ 9:03 am

        Oh, and yes. I’m 6.4 on the FMC but no way I go to 6.4 on the FTDs yet.

        Reply

  6. Roy
    May 16, 2019 @ 8:19 am

    6.4.0.1 is out now. Has anyone tried it? Did it clear up the bugs in 6.4.0 if so?

    Reply

    • lammle
      May 18, 2019 @ 8:06 am

      Yes, it did fix the Firepower discovery issue and I am still testing…

      Reply

      • MATT
        May 21, 2019 @ 7:55 am

        Hey lammle, did you find any interesting issues? Do you think we should upgrade to 6.4.0.1?

        Reply

        • lammle
          May 21, 2019 @ 8:08 am

          Hi Matt.
          I like 6.4.0.1.
          There are a lot of features that I blogged about and I really like it. I have a large medical company on 6.4.0.1 and everything is going great. If you’re not in a hurry, you can wait until the end of this week and I promise I’ll know more.
          Todd

          Reply

  7. Andy Daws
    May 31, 2019 @ 5:36 am

    Hi, great blogs and comments, thought I would post my experience so far.

    Waited for 6.4.0.1 as you do, and this is for HA paired devices.

    Carried out the upgrade to 6.4 followed by the 6.4.0.1 patch of the FMC (no problem), followed by the FTD devices; this is where things started to go a little wrong, taking a day to work out solutions or workarounds. Firstly, Passive showed as constantly in sync even after leaving it overnight; the resolution was, even if not listed for 6.4:

    https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc81801/?rfs=iqvred

    Next problem: we have NAT rules translating both destination IP and port (working on 6.3); re-deploying on 6.4.0.1 gives an error saying something along the lines of "cannot map nat port". Changing to ANY other source and/or destination port gives the same error. Removing succeeds; even creating a new rule or changing Dynamic to Static all fails.

    Moving the rules from the default NAT Rules Before to NAT Rule After and it works.

    Reply

    • lammle
      May 31, 2019 @ 8:27 am

      I have seen the HA issues, and sent them to Cisco. They haven’t been able to replicate it of course, but I can see it all the time. It has something to do with versions, even though I install the same software exactly, it doesn’t show they are the same. Very odd!

      The NAT issue is new to me. I’ll have to test that.

      thank you for posting!

      Reply

      • Andy Daws
        July 15, 2019 @ 5:27 am

        Following up: now 6.4.0.2 is out, the NAT issue is still there, but we found the problem is due to us having sub interfaces while the interface also has a security zone. As it was not needed, removing it resolves the problem; that was fine on 6.3.

        Also https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp70543 matches the same or similar errors given in transcript just for Firepower Appliances rather than ASA

        Reply

  8. Roy
    June 27, 2019 @ 8:25 am

    6.4.0.2 is out

    Reply

  9. Roy
    July 23, 2019 @ 3:01 pm

    What is the consensus on 6.4.0.3?

    Reply

    • Todd Lammle
      July 23, 2019 @ 7:14 pm

      6.4.0.3 fixed all the HA issues that I had, plus all my customers.

      Reply

      • Roy
        July 30, 2019 @ 8:09 am

        Any negatives that you have found? Looking to upgrade from 6.4.0.1.

        Reply

        • Todd Lammle
          July 30, 2019 @ 8:11 am

          Hi Roy, yes, we had to downgrade to 6.4.0.1 again… we ended up with the same HA issue… I guess we’re all waiting for 6.4.0.4 now.

          Reply

  10. LO
    August 22, 2019 @ 7:57 am

    FYI, 6.4.0.4 is out as of yesterday.

    Reply

    • Todd Lammle
      August 22, 2019 @ 8:32 am

      Oh wow, nice, thank you! I checked Tuesday…LOL

      Reply

  11. Todd Lammle
    August 22, 2019 @ 11:01 am

    So 6.4.0.4 is out now, and I am installing right now.
    Hopefully this will fix my HA issues!

    Reply

    • DBLockdown
      August 28, 2019 @ 8:32 am

      Hi Todd, any luck with 6.4.0.4 with FTDs? I’m planning to install them this week on all of our FPR-2110s, wonder if HA will break. I’ve already consulted with Cisco TAC but they didn’t mention anything about HA breaking. We’re moving up from 6.2.3.13 to 6.4.0.4. Thanks.

      Reply

      • Todd Lammle
        August 28, 2019 @ 8:49 am

        I did run 6.4.0.4 in my class last week with 12 people and we had no issues; however, we never got to the HA lab… the problem with the HA issue is that it doesn’t show up right away… it takes a couple of days to see the issues arise, mostly… sorry that I don’t have the answer right now, but I’ll work on it!

        Reply

  12. DBLockdown
    August 28, 2019 @ 8:22 pm

    As per TAC, there is a patch for the HA issues – 6.4.0.2 Hotfix F, shouldn’t be a problem when on 6.4.0.4.

    “CSCvq34224: Firepower Primary Detection Engine process terminated after Manager upgrade

    If you already upgraded to Version 6.4.0.2-34 and have FTD devices configured for high availability, apply Hotfix F. In FMC deployments, apply the hotfix to the FMC. In FDM deployments, apply the hotfix to both devices.”

    Reply

  13. Todd Lammle
    August 29, 2019 @ 8:10 am

    Okay, will try that, thank you!

    Reply

  14. Roy
    August 30, 2019 @ 6:56 am

    FYI for 6.4.0.4 and some other versions. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq56761

    Reply
