Upgrade NGFW Engines remotely

The Management Server can remotely upgrade NGFW Engine components that it manages. You can upgrade several NGFW Engines of the same type in the same operation.

Before you begin

Read the Release Notes for the new version, especially the required SMC version and any other version-specific upgrade issues that might be listed. To access the release notes, select Configuration, then browse to Administration > Other Elements > Engine Upgrades. Select the type of NGFW Engine you are upgrading. A link to the release notes is included in the upgrade file’s information. If the Management Server has no Internet connectivity, you can find the release notes at https://⁠support.forcepoint.com/Documentation.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Management Client component of the SMC, select Home.
  2. Right-click the NGFW Engine that you want to upgrade, then select Commands > Go Offline.
  3. When prompted to confirm that you want to set the node offline, click Yes.
    The node goes offline shortly.
  4. When the node is offline, right-click the node, then select Configuration > Upgrade Software.
  5. From the Operation drop-down list, select the type of operation that you want to perform:
    • Select Remote Upgrade (transfer + activate) to install the new software and reboot the node with the new version of the software.
    • Select Remote Upgrade (transfer) to install the new software on the node without an immediate reboot and activation. The node continues to operate with the currently installed version until you choose to activate the new version.
    • Select Remote Upgrade (activate) to reboot the node and activate the new version of the software that was installed earlier.
  6. If necessary, add or remove NGFW Engines in the Target list.
    All NGFW Engines in the same Upgrade Task must be of the same type.
  7. Click Select next to the Engine Upgrade field, select the upgrade file, then click OK.

    If you choose to activate the new configuration, you are prompted to acknowledge a warning that the node will be rebooted. A new tab opens showing the progress of the upgrade. The time the upgrade takes varies depending on the performance of your system and the network environment. The NGFW Engine is automatically rebooted and brought back online.

    The upgrade overwrites the inactive partition and then changes the active partition. To undo the upgrade, use the sg-toggle-active command or the NGFW Engine’s boot menu to change back to the previous software version on the other partition. This change can also happen automatically at the next reboot if the NGFW Engine is not able to successfully return to operation when it boots up after the upgrade.