22 Comments

  1. Rob M
    May 5, 2019 @ 12:56 pm

    So, once again Cisco makes their poor software QA their customer base's problem.

    • lammle
      May 5, 2019 @ 5:20 pm

      Seems that by now they'd get better at this, and .0 codes are always risky…

  2. Abdullah
    May 6, 2019 @ 2:35 am

    Regarding the Cisco alert I link below: to be on the safe side, it is recommended to go to 6.4.0 (not vulnerable).

    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos

    From our side, we are going to upgrade 10 FTD firewalls to 6.4.0…

    • lammle
      May 6, 2019 @ 4:56 am

      Wow, thank you for posting!

  3. FP_guy
    May 7, 2019 @ 12:20 am

    We've been testing the 6.4 beta and have now deployed it into pre-production, and progress since 6.2.3.x is really not enough.
    6.3 was a mess, and 6.4 is still unfortunately not solving our long-term issues.

    • lammle
      May 7, 2019 @ 6:48 am

      There are more and more features coming out every week. They are not up to what the ASA provides yet, but each week it gets better. I understand your frustration.

  4. Jonathan
    May 7, 2019 @ 8:37 am

    Running Firepower FMC version 6.4. Just found out Correlation Event emails are not working. The events happen, but no emails are being sent.

    Worked fine in FMC 6.2.3.6.

    Can anyone else test this? Have TAC case open.

    • lammle
      May 7, 2019 @ 9:24 am

      Yes, I will test it, but I'm at a customer today, and can get on this tomorrow!
      Thanks for the heads up!

  5. Fredrik Hofgren
    May 9, 2019 @ 6:20 am

    I agree you shouldn't rush for a release just because. But we are forgetting one important new feature that, at least for me, is forcing my hand: the support for Microsoft Azure installation. It doesn't justify pre-releasing an unfinished product, but in my case Azure support quite frankly allows me to continue using the Firepower brand altogether, since my employer is fast becoming an Azure-only shop.

    • lammle
      May 9, 2019 @ 6:58 am

      Yes, that is true, and something not really brought up. The Azure support is great, but you can’t do a lot with FTD and Azure still….

      • Fredrik Hofgren
        May 9, 2019 @ 9:01 am

        I wouldn't say that. With a vFTD in Azure acting as the IaaS firewall, you can basically set up a multi-zone network in Azure just as on any physical implementation and do away with the awkward Azure Network security groups. Now with 6.4 you can have the vFMC "on site" as well, which for me greatly reduces the strain on our hybrid links.

        • lammle
          May 9, 2019 @ 10:14 am

          There were a couple of things that stopped me from using Azure for my FTD classes, things like no HA and no sub interfaces at this time.

      • Fredrik Hofgren
        May 9, 2019 @ 9:03 am

        Oh, and yes. I’m 6.4 on the FMC but no way I go to 6.4 on the FTDs yet.

        • lammle
          May 9, 2019 @ 10:14 am

          There were a couple of things that stopped me from using Azure for my FTD classes, things like no HA and no sub interfaces at this time.

  6. Roy
    May 16, 2019 @ 8:19 am

    6.4.0.1 is out now. Has anyone tried it? Did it clear up the bugs in 6.4.0 if so?

    • lammle
      May 18, 2019 @ 8:06 am

      Yes, it did fix the Firepower discovery issue and I am still testing…

      • MATT
        May 21, 2019 @ 7:55 am

        Hey lammle, did you find any interesting issues? Do you think we should upgrade to 6.4.0.1?

        • lammle
          May 21, 2019 @ 8:08 am

          Hi Matt.
          I like 6.4.0.1.
          There are a lot of features that I blogged about, and I really like it. I have a large medical company on 6.4.0.1 and everything is going great. If you're not in a hurry, you can wait until the end of this week and I promise I'll know more.
          Todd

  7. Andy Daws
    May 31, 2019 @ 5:36 am

    Hi. Great blogs and comments; thought I would post my experience so far.

    Waited for 6.4.0.1, as you do, and this is for HA-paired devices.

    Carried out the upgrade to 6.4 followed by the 6.4.0.1 patch of the FMC (no problem), followed by the FTD devices. This is where things started to go a little wrong, taking a day to work out solutions or workarounds. Firstly, Passive showed as constantly in sync even after leaving overnight. Resolution was, even if not listed for 6.4:

    https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc81801/?rfs=iqvred

    Next problem: we have NAT rules translating both destination IP and port (working on 6.3); re-deploying on 6.4.0.1 gives an error saying something along the lines of cannot map NAT port. Changing to ANY other source and/or destination port gives the same error; removing succeeds; even creating a new rule or changing dynamic to static all fails.

    Moving the rules from the default NAT Rules Before to NAT Rules After, and it works.

    • lammle
      May 31, 2019 @ 8:27 am

      I have seen the HA issues, and sent them to Cisco. They haven’t been able to replicate it of course, but I can see it all the time. It has something to do with versions, even though I install the same software exactly, it doesn’t show they are the same. Very odd!

      The NAT issue is new to me. I'll have to test that.

      Thank you for posting!

      • Andy Daws
        July 15, 2019 @ 5:27 am

        Following up now that 6.4.0.2 is out: the NAT issue is still there, but we found the problem is due to the fact that we have sub interfaces but the interface has a security zone also. As it was not needed, removing it resolves the problem; that was fine on 6.3.

        Also, https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp70543 matches the same or similar errors given in the transcript, just for Firepower appliances rather than ASA.

  8. Roy
    June 27, 2019 @ 8:25 am

    6.4.0.2 is out
