Procedure for upgrading incrementally

Follow these steps to complete the upgrade.

Steps

  1. To prepare for upgrade:
    1. Back up your existing deployment, especially the Policy Broker machine and the Log Database.
    2. To upgrade to v8.5, first upgrade to v8.1.x, v8.2.x, v8.3.x, or v8.4.x. (if necessary)

      To upgrade to v8.5.3, first upgrade to v8.2.x, v8.3.x, v8.4.x, or v8.5. (if necessary)

      To upgrade to v8.5.4, first upgrade to v8.4.x, or 8.5.x. (if necessary0);

      To upgrade to v8.5.5, first upgrade to v8.5.3 or 8.5.4 (if necessary).

    3. Stop all Log Server instances and Log Database jobs.
    4. Identify the primary logical deployment.
  2. Upgrade the primary Policy Broker
    All other web protection components on the primary Policy Broker machine are upgraded automatically.
  3. After the primary Policy Broker has been upgraded, continue by upgrading the logical deployment that uses the primary Policy Broker. Follow these steps to complete the upgrade of the primary logical deployment.
    1. Restart services on each machine before starting the upgrade.

      Before upgrading any Policy Server, reboot the machine. If you are using a Forcepoint Appliance, do a full restart of the appliance.

    2. Upgrade the Policy Server machine first.
    3. Upgrade machines with Filtering Service, Network Agent, and User Service components associated with this Policy Server.
    4. Upgrade Log Server. You can then restart any other Log Servers that were previously stopped. (If using a distributed Log Server environment, please see the Requirement #5 above.)
    5. Restart Log Database jobs.
    6. Upgrade the management server machine.
    7. Upgrade other machines where any additional components are installed.
  4. As time permits, continue by upgrading each logical deployment. All components in a logical deployment should be upgraded at the same time.
    Follow these steps as needed to upgrade each logical deployment. Note that a replica Policy Broker must be upgraded before all Policy Server instances connected to it.
    1. Restart services on each machine before starting the upgrade
    2. Upgrade the Policy Broker machine first.
    3. Upgrade Policy Server (if it resides on a different machine than Policy Broker).
    4. Upgrade machines with Filtering Service, Network Agent, and User Service components associated with this Policy Server.
    5. Upgrade Log Server.
    6. Upgrade other machines where any additional components are installed.

Next steps

Optionally, replica Policy Brokers running on a dedicated machine (with no other web protection components installed) can be upgraded prior to the remaining logical deployments. This allows data synchronization between the primary and replica instances.

Note that this deployment model is not typical, because a Policy Server instance is typically installed with each Policy Broker instance. (See Limitations and restrictions below)