Upgrade procedure

Important:

Appliance services are not available while the upgrade is being applied. Disruption continues until the appliance completes its final restart.

It is a best practice to perform the upgrade at a time when service demand is low.

Steps

  1. Identify or define a filestore for staging the X10G C Port Hotfix and the upgrade, and as an off-appliance location for keeping backup files.
  2. Download the v8.5.3 or 8.5.4 Forcepoint Security Installer to a location where it is easy to copy it to Windows servers hosting Forcepoint web, email, and data components, such as TRITON Manager (renamed Forcepoint Security Manager in v8.4) and Log Server.
  3. Download the X10G C Port Hotfix and the v8.5.3 or 8.5.4 upgrade package and place them in the filestore.
    1. Log on to My Account, go to the Downloads page.
    2. In the Forcepoint Appliances > Forcepoint X10G Appliance, click the version number that your blades are currently running. To see all versions, you may need to click the All Downloads button at the top of the page.
    3. In the Installer section, select [version] Unified Appliance Installer or [version] Universal upgrade for V / X Series appliances.

      The rpm name is Websense-Appliance-Upgrade-[version].rpm.

    4. On the resulting Product Installer page, look at the Release Date and Details to confirm that you selected the appropriate upgrade rmp, and then click Download. You may also want to save the MD5 to perform a checksum on the downloaded file.
    5. Next, go back a page to the Forcepoint X10G Appliance Version 8.x.x page, and select the C Interface Hotfix for the current version.
    6. On the resulting Hotfix & Upgrade page, look at the Release Date and Description to confirm that you selected the correct hotfix, and then click Download. You may also want to save the MD5 to perform a checksum on the downloaded file.
    7. Perform checksums. Or, if needed, move the files to the filestore and then perform checksums.

      You now have the files you need to upgrade all of your X10G blades.

  4. Verify that the hotfix and upgrade files are accessible from the blades.

    Log on to the CLI of a blade to be upgraded, elevate to config mode and use:

    load upgrade --location <filestore_alias>
load hotfix --location <filestore_alias>

    In each list, confirm that the hotfix and upgrade files are present.

  5. Perform Pre-upgrade activities.
  6. If your deployment includes TRITON AP-WEB, you must upgrade the policy source machine (Policy Broker/Policy Database) before upgrading web protection components on your security blades. If the Full policy source machine is an X10G, upgrade that blade first. After upgrading the policy source machine, confirm that Policy Broker and Policy Database services are running.
    Important: All TRITON components on the Full policy source machine are upgraded when Policy Broker/Policy Database are upgraded.

    In all instances, you must upgrade TRITON AP-WEB components in the following order:

    1. Full policy source

      Upon completion, confirm that Policy Broker and Policy Database services are running. See Upgrading Web Protection Solutions.

    2. User directory and filtering (sometimes called policy lite) blades and non-appliance servers that host Policy Server.
    3. Filtering only blades, and non-appliance servers that host Filtering Service.
    4. Off-appliance servers hosting other web protection components (like Log Server or Logon Agent).
      Important: Successful upgrade of User directory and filtering and Filtering only appliances require connectivity with the Policy Broker and Policy Database services.
  7. If the appliance is registered in TRITON Manager, in TRITON Manager go to Appliances > Manage Appliance and unregister the appliance. Re-registration is a post-upgrade activity.

    If the appliance is a User directory and filtering appliance, unregister the appliance. In the Web module of TRITON Manager, go to the Settings > General > Policy Servers page and unregister the appliance.

  8. Upload and apply the v8.5.3 or 8.5.4 upgrade.
    1. Upload the upgrade.
      load upgrade --location <filestore_alias>
--file <upgrade_filename>
    2. Install the upgrade.
      install upgrade

      Select the v8.5.3 or 8.5.4 upgrade from the list. When prompted, confirm to continue, then accept the subscription agreement.

      The file performs several system checks. The checks may take several minutes. When installation is complete, the appliance automatically restarts.

      If the upgrade fails, the blade server automatically rolls back to the prior version. If the source of the failure is not obvious or cannot be easily addressed, contact Forcepoint Technical Support.

      If installation seems to stop, allow the process to run for at least 90 minutes. If installation has not completed in that time, contact Forcepoint Technical Support.

  9. Perform Post-upgrade activities.
  10. Return to Step 5 and upgrade remaining X10G blade servers.
  11. Upgrade the TRITON management server (if not upgraded when Policy Broker/Policy Database were upgraded), and other servers that host Forcepoint components. See Upgrading Web Protection Solutions and Upgrading Email Protection Solutions for instructions.