08-19-2013 01:50 AM - edited 03-10-2019 08:47 PM
Hi all,
Would like to find out on patching process on inline posture node.
My topology is one ISE appliance node type is Admin/Policy Service Node; while another unit is inline posture node.
Both appliance have the identical software versiona and patch, namely 1.1.3.124, patch 2
I would like to update it to patch version 4.
My question:
01. If i apply the patch on the Admin/Polic Service Node using GUI patch maangement, will this also apply the patch to Inline Posture node?
02. Or should i use console into Inline Posture node and using CLI way to update the patch? Anything i should mention in this process, example: stop application etc?
Please advice, million thanks
Noel
08-20-2013 05:59 AM
Resolved Issues in Cisco ISE Version 1.1.0.665—Cumulative Patch 4
Lists the issues that are resolved in Cisco Identity Services Engine Maintenance Release 1.1.0.665 cumulative patch 4.
You must deploy this patch on Cisco Identity Services Engine Maintenance Release 1.1.0.665 (with or without patch 1, 2, and 3 applied), otherwise the patch install will fail and Cisco ISE will return an error message stating, "This patch is intended to be installed on ISE 1.1.0.665."
To obtain the patch file necessary to apply the patch to Cisco ISE Release 1.1, log into the Cisco Download Software site at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm (you might be required to provide your Cisco.com login credentials), navigate to Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software, and save a copy of the patch file to your local machine. Then refer to the "Installing a Software Patch" section of the "Administering Cisco ISE" chapter of the Cisco Identity Services Engine User Guide, Release 1.1. for instructions on how to apply the patch to your system.
If you experience problems installing the patch, please contact Cisco Technical Assistance Center.
Cisco ISE Patch Version 1.1.0.665—Patch 4 Resolved Caveats | |
Caveat | Description |
Apache Struts2 command execution vulnerability Cisco ISE includes a version of Apache Struts that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2013-2251. This fix addresses the potential impact on this product. |
Managing Software Patches
You can install patches on ISE servers in your deployment from the primary administration node. ISE patches are usually cumulative; however, any restrictions on the patch installation will be described in the README file that will be included with the patch. Cisco ISE allows you to perform patch installation and rollback from either the command-line interface (CLI) or GUI.
When you install or roll back a patch from a standalone or primary administration node, ISE restarts the
Application. You might have to wait for a few minutes before you can log back in.
When you install or roll back a patch from the primary administration node that is part of a distributed deployment, Cisco ISE installs the patch on the primary and all the secondary nodes in the deployment. If the patch installation is successful on the primary node, Cisco ISE then proceeds to the secondary nodes. If it fails on the primary node, the installation is aborted. However, if the installation fails on any of the secondary nodes for any reason, it still continues with the next secondary node in your deployment.
Installing a Software Patch.
Please check the below link for step by step installation.
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_admin.pdf
08-20-2013 11:28 PM
You will have to use the cli to patch the inline node. Using the administration node doesnt push the patch to the ipn, just the other nodes.
Sent from Cisco Technical Support iPad App
08-22-2013 02:09 AM
Patch installation and rollback on Inline Posture nodes can only be done through the Cisco ISE CLI and this status will not be displayed in the Node Status pop-up.
You can install patches on ISE servers in your deployment from the primary administration node. ISE patches are usually cumulative, however, any restrictions on the patch installation will be described in the README file that will be included with the patch. Cisco ISE allows you to perform patch installation and rollback from either the command-line interface (CLI) or GUI.
When you install or roll back a patch from a standalone or primary administration node, ISE restarts the application. You might have to wait for a few minutes before you can log back in.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide