Wednesday, April 22, 2015

Firewall Maintenance - 04/22/15

This maintenance is complete.

 4/22/15 at 10:00a
Recently, vulnerabilities in the Cisco ASA products were disclosed, and Cisco has released an update to mitigate the issues. Tonight, beginning at 10 PM, we will be upgrading software on several sets of ASAs. Most of what we are upgrading run in HA pairs, so disruptions will be minimal in most cases (10- 15 seconds), as the failover peer will handle traffic while the other unit is being upgraded. We have made contact with Administrative Contacts at Olathe, Salina, Athletics, Campus Police and KDA to notify them of the upgrade. The list of firewalls that need to be upgraded are:

Border, VPN, PCI, Olathe, Police, Athletics, KDA, Salina

Some of the ASAs listed will be upgraded earlier or at specific times during the maintenance window to minimize business impact.

At this same time we will be upgrading the AnyConnect client version on the VPN to patch for the same vulnerabilities. As with previous updates to the client, an upgrade process will start shortly after you establish a VPN Session. For those profiles that have “Start Before Login” enabled, it is likely that a reboot of the system will be required after the client update is complete. If you have an existing VPN session established before this maintenance window, your client will not be upgraded until after you disconnect and re-establish a VPN connection.