THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Migration to new field notice system
|Affected Product ID
||Sx80's go network dead in an event where the interfaces flap|
||WSA watchdog reboot introduced in 7.7.0-725|
||WSAs are prone to lockup from trafmon interactions|
Some software versions might cause the Cisco S380 and S680 Series appliances to reboot or lock up.
These issues are responsible for the resets or lockups on the Cisco S380 and S680 Series appliances:
- Cisco bug ID CSCuo58953: The Cisco Web Security Appliance (WSA) can experience a lockup, which causes the hardware watchdog to reset the appliance. This lockup can occur in the TCP stack when Synchronization (SYN)/Acknowledgement (ACK) retransmissions are required, which locks up the entire network stack and eventually the whole appliance.
- Cisco bug ID CSCuj20621: The WSA can experience a lockup when Firewall (IPFW) rules are updated while trafmon is run. This lockup is caused by the order in which locking is performed during the update.
- Cisco bug ID CSCuo61072: The WSA S380 and S680 Series network interfaces can hang if the network link is reset. This occurs when the interface buffers become inaccessible during the transition, which results in a lockup.
In all of the three cases that are mentioned in the previous section, users are unable to access the Internet. The circumstances deteriorate quickly, which results in the inability for administrators to access the appliance, followed by a complete lockup on the appliance. In most instances, the hardware watchdog reboots the appliance. In the case where the network link resets, the appliance might require manual intervention.
All of the three issues are resolved in these AsyncOS for Web versions:
- Version 7.7.0 build 753 (7.7.0-753)
- Version 8.0.6 build 078 (8.0.6-078)
In order to verify the AsyncOS software version that your WSA runs via the CLI, enter the version command:
Upgrade your WSA to Version 7.7.0 build 753 or Version 8.0.6 build 078. Higher builds of Versions 7.7.0 and 8.0.6, or versions higher than Version 8.0.6, also fix the issues.
Complete these steps in order to upgrade your appliance from the Web Interface:
- Navigate to the System Administration > System Upgrade page and click Available Upgrades. The page refreshes with a list of available AsyncOS for Web upgrade versions.
- Click Begin Upgrade in order to start the upgrade process.
- Answer the questions as they appear.
- When the upgrade is complete, click Reboot Now in order to reboot the WSA.
In order to upgrade the WSA with the CLI, enter the upgrade command and answer the questions as they appear. This presents you with a list of the available versions. Select one of the versions with the new engine and reboot your appliance after the upgrade is complete.
Note: If you use a Content Security Management Appliance (SMA) in order to manage the WSA and the Cisco Email Security Appliance (ESA), the SMA must be upgraded to another version, dependent upon the versions that run on the WSA and the ESA.
Use this table in order to determine the SMA version that you should run. Cross the row and column with the WSA and the ESA versions that you currently run in order to find the SMA version to which you must upgrade. If you do not have an ESA, upgrade your SMA to any option that is listed in the column with your WSA version:
| |WSA 7.7.0-753|WSA 8.0.6-078|
|---|---|---|
|ESA 8.0.1 or 8.0.2|SMA 8.1.1-033|SMA 8.3.6-028|
|ESA 8.5.x|SMA 8.3.6-028|SMA 8.3.6-028|
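For a fleet of appliances, the fixed-build rule and the SMA table above can be checked with a script. The following is an added example, not Cisco code: the function names, the `X.Y.Z-BBB` input format (taken from how this notice writes builds) and the sample inventory are assumptions.

```python
import re

# Fixed builds from this field notice, keyed by release (major, minor, maintenance).
FIXED_BUILDS = {(7, 7, 0): 753, (8, 0, 6): 78}
NEWEST_FIXED_RELEASE = max(FIXED_BUILDS)

# SMA targets from the notice's table: outer key = WSA release, inner key = ESA version.
SMA_TARGETS = {
    (7, 7, 0): {"8.0.1": "8.1.1-033", "8.0.2": "8.1.1-033", "8.5": "8.3.6-028"},
    (8, 0, 6): {"8.0.1": "8.3.6-028", "8.0.2": "8.3.6-028", "8.5": "8.3.6-028"},
}

def parse_version(text):
    """Split 'X.Y.Z-BBB' into ((X, Y, Z), build); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", text.strip())
    if m is None:
        raise ValueError(f"not an X.Y.Z-BBB version string: {text!r}")
    x, y, z, build = (int(g) for g in m.groups())
    return (x, y, z), build

def has_fix(wsa_version):
    """True only if the notice lists this release/build as containing the fixes.
    False means 'not listed as fixed', which covers releases the notice omits."""
    release, build = parse_version(wsa_version)
    if release in FIXED_BUILDS:
        return build >= FIXED_BUILDS[release]   # same release, equal or higher build
    return release > NEWEST_FIXED_RELEASE       # any release above 8.0.6

def sma_targets(wsa_version, esa_version=None):
    """SMA version(s) from the table; with no ESA, every option in the WSA column."""
    release, _ = parse_version(wsa_version)
    column = SMA_TARGETS.get(release)
    if column is None:
        return set()                            # WSA release not covered by the table
    if esa_version is None:
        return set(column.values())
    key = "8.5" if esa_version.startswith("8.5.") else esa_version
    return {column[key]} if key in column else set()

# Constructed inventory: hostnames and most builds are sample values, not from the notice.
INVENTORY = {"wsa-a": "7.7.0-725", "wsa-b": "7.7.0-753", "wsa-c": "8.0.5-075",
             "wsa-d": "8.0.6-078", "wsa-e": "8.5.0-497"}

def needs_upgrade(inventory):
    """Hosts whose version the notice does not list as fixed, sorted by name."""
    return sorted(host for host, ver in inventory.items() if not has_fix(ver))
```

A release between the two fixed trains, such as the constructed 8.0.5 entry, is reported as needing an upgrade because the notice only names higher builds of 7.7.0 and 8.0.6 and releases above 8.0.6 as fixed.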
If you have any questions, contact your local Cisco Support Team for assistance.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: