SonicWALL Aventail 10.5.6 Upgrade Guide

Secure Remote Access SonicWALL Aventail E-Class SRA EX-Series 10.5.
6
SonicWALL Aventail E-Class SRA EX-Series 10.5.6 Upgrade Guide
232-000953-00 Rev A
Upgrade Guide

This document describes the process of obtaining your SonicWALL Aventail E-Class SRA EX-Series firmware
update file, verifying it, and installing it on an existing appliance.
Updating a clustered pair of SonicWALL Aventail appliances is described at the end of this document. For a
complete list of known issues from previous versions that are fixed in this release, see the Release Notes.
To update the firmware on your SonicWALL Aventail appliance, you will need to perform the following tasks:
Create a MySonicWALL account, if you dont already have one. You need an account in order to register your
SonicWALL Aventail EX-Series appliance. MySonicWALL registration information is not sold or shared with any
other company.
Register your device on MySonicWALL. Registration provides access to essential resources, such as your
license file, firmware updates, documentation, and technical support information. When you register, you are
prompted to enter an authentication code.
Use your MySonicWALL account to retrieve the update file for your SonicWALL Aventail EX-Series appliance.
Upload the update file to your appliance using the Aventail Management Console (AMC) and then reboot.
Obtain your client component update file, install it to all client endpoints, and verify it.
See the following sections for detail ed upgrade information:
Platform Compatibility ................................................................................................................................................... 1
Configuration Notes ....................................................................................................................................................... 1
Appliance Upgrade Requirements ................................................................................................................................ 2
Client Upgrade Requirements ....................................................................................................................................... 3
Creating a MySonicWALL Account ............................................................................................................................... 3
Registering Your SonicWALL Aventail E-Class SRA Appliance ................................................................................... 3
Finding the Authentication Code for Your Appliance .................................................................................................... 4
Obtaining the Update File or Hotfix from MySonicWALL .............................................................................................. 4
Installing an Update or Hotfix Using AMC ..................................................................................................................... 5
Verifying the Update ...................................................................................................................................................... 6
Updating a Clustered Pair ............................................................................................................................................. 6
Working With Hotfixes on the Command Line .............................................................................................................. 7
Importing Your SonicWALL Aventail License ................................................................................................................ 8
Platform Compatibility
Version 10.5.6 of the SonicWALL Aventail E-Class SRA EX-Series is supported on the following appliances:
SonicWALL Aventail E-Class SRA EX7000
SonicWALL Aventail E-Class SRA EX6000
SonicWALL Aventail E-Class SRA EX-2500
SonicWALL Aventail E-Class SRA Virtual Appliance
Configuration Notes
Symantec OnDemand Protection is not supported in version 10.5.6. Before upgrading from 10.0.x and earlier
versions, disable Symantec OnDemand Protection for all End Point Control Zones. Otherwise, the upgrade will
fail.

2
232-000953-00 Rev A
Upgrade Guide
Appliance Upgrade Requirements
You can upgrade your EX-Series appliance directly to version 10.5.6 from the following versions when the most
recent Hotfix has been installed:
10.5.5, 10.5.4, or 10.5.3
When upgrading from an initial or maintenance release within the current major version of the firmware
(10.5.x), appliance firmware upgrades are supported from the three most recent releases. For the 10.5.6
release, this includes 10.5.3, 10.5.4, and 10.5.5.
10.0.7, 10.0.6, or 10.0.5
When upgrading from a major version that is one version back, appliance firmware upgrades are supported
from the three most recent maintenance releases of that major version. If you are upgrading from a 10.0.x
version prior to 10.0.5, you must first upgrade to the most recent 10.0.x maintenance release, which is
version 10.0.7.
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=9989&catID2=30&catID1=549
It is a best practice that the EX-Series appliance be running the latest Hotfix version before upgrading from the
versions listed above. The latest Hotfix for each version as of the date of these Release Notes is shown below. It is
possible that additional hotfixes will be released for these versions, in which case you can access the corresponding
Knowledge Base link to see the most up-to-date hotfix recommendations.
Firmware
Version
Latest Pl atform
(Appliance) Hotfix
Latest Client Hotfix Knowledge Base Link to
Recommended Hotfixes
10.5.5 pform-hotfix-10.5.5-106 clt-hotfix-10_5_5-106 SonicWALL KB 549
10.5.4 pform-hotfix-10.5.4-002 clt-hotfix-10_5_4-001 SonicWALL KB 9513
10.5.3 pform-hotfix-10_5_3-004 clt-hotfix-10_5_3-003 SonicWALL KB 8780
To check whether any hotfixes have been applied, click System Status or Maintenance from the main navigation
menu in AMC. If any hotfixes have been incorporated, youll see a hotfixes link next to the version number. Click
the link for more information about which ones have been applied.
Appliances running versions 8.8.x or 8.9.x must be upgraded to the latest maintenance release of 10.0.x before
upgrading to 10.5.6. The licensing scheme for the E-Class SRA EX-Series changed in version 9.0.x. If you are
upgrading from version 8.8 or 8.9 to a later version, you must obtain a new license.

3
232-000953-00 Rev A
Upgrade Guide
Client Upgrade Requirements
Client component upgrades follow the same requirements as appliance upgrades.
If hotfixes are up to date on the client, you can upgrade your client components directly to version 10.5.6 from any
of the following versions:
10.5.5, 10.5.4, or 10.5.3
10.0.7, 10.0.6, or 10.0.5
J ust as you are advised to install all currently available hotfixes before upgrading the appliance, the associated
client-side fixes should be installed on all client machines prior to starting the client component upgrade to the next
release. After you apply the platform hotfix to your EX-Series appliance, the client-side fixes are pushed to each
client machine as it connects to the appliance. Depending on your environment, it can take a few days, weeks, or
months before all clients have connected to the appliance and received the client-side fixes.
After you upgrade your EX-Series appliance, client components are automatically upgraded as client machines
connect to the appliance. Any clients that connect who did not receive the client-side fixes might or might not be
upgraded without problems.
When performing any upgrade that requires stepping through multiple versions, you must allow all client systems to
upgrade to the intermediate version prior to continuing to the next version. All provisioned client components must
be upgraded on all client endpoints before proceeding with the subsequent upgrade. For example, the following
upgrade paths require stepping through intermediate versions:
10.0.5 >10.0.7 +Hotfixes >10.5.6
9.0.3 >9.0.5 +Hotfixes >10.0.7 +Hotfixes >10.5.6
Backwards compatibility is supported for all client access agents with the releases eligible for direct upgrade, listed
above. For example, if you upgrade your clients and appliance to version 10.5.6, then notice some type of issue that
requires you to roll the appliance back to 10.0.7 (with hotfixes), the 10.5.6 client access agents will still activate
correctly when the client connects to the appliance.
Creating a MySoni cWALL Account
If you dont already have a MySonicWALL account, create one by completing an online registration:
1. In your Web browser, go to www.mysonicwall.com.
2. In the User Login section, follow the link for users who are not yet registered.
3. Enter your account information, personal information, and preferences, and then click Submit. Be sure to use a
valid email address.
4. Follow the prompts to finish creating your account. SonicWALL will send a subscription code to the email
address you entered in step 3.
5. When you return to the login screen, log in with your new username and password.
6. Confirm your account by entering the subscription code you received by email.
Registering Your SonicWALL Aventail E-Class SRA Appliance
To register your appliance, perform the following steps:
1. In your Web browser, go to www.mysonicwall.com and log in with your username and password.
2. Locate your software serial number, which is printed on the back of your SonicWALL Aventail appliance.
3. Enter your serial number, and then click Next. Follow the on-screen instructions.
4. Confirm your serial number.

4
232-000953-00 Rev A
Upgrade Guide
5. Enter a name for this appliance.
6. If you are upgrading to version 10.5.6 from 8.8 or 8.9, you must also enter an authentication code (how to find
the code is described in the next se6tion).
7. Click Register to continue.
8. Follow the online prompts to fill out the survey and complete the registration process.
Finding the Authentication Code for Your Appliance
Your authentication code is the hardware identifier for your appliance, and it is displayed in one or two places,
depending on your appliance model:
EX7000 and EX6000: Both your serial number and authentication code are printed on your appliance label;
they are also displayed on the General Settings page in AMC. Skip to the next section.
EX-2500, EX-1600, and EX-750: Your authentication code is the same as the MAC address of the internal
(eth0) network port. If you know how to obtain the MAC address for eth0, you can supply it to the
mySonicWALL.com Web site and proceed to get your license before upgrading the appliance software.
If you are not comfortable doing this, the simplest way to find the code is to first upgrade your appliance to
version 10.5.6, and then copy and paste it from AMC.
To get the authentication code/MAC address of your appliance, perform the following steps:
1. Install the 10.5.6 upgrade (see the steps in the next section, Obtaining the Update File from
mySonicWALL.com).
2. Click General Settings in the main navigation menu in AMC. On an appliance running 10.5.6, the
authentication code is shown in the Licensing area of that page: copy this code.
3. Log back in to mySonicWALL.com to retrieve your license file: select your appliance, and then paste its
authentication code into the corresponding text box.
Obtaining the Update File or Hotfix from MySonicWALL
The next step is to obtain the update file and copy it to the file system of your local computer:
1. In your Web browser, go to www.mysonicwall.com and log in with your username and password.
2. On the Downloads > Download Center page, select your EX-Series model from the Software Type drop-
down list.
3. In the Availabl e Software list, select the firmware item that corresponds to your appliance. For a new firmware
version, youll be prompted to download a file named <part number>_upgrade-<n>_<n>_<n>_<three-digit build
number>.bin file to your local computer. Hotfix filenames use the following naming convention:
<component>-hotfix-<version>-<hotfix number>.gz
Verifying the Downloaded Update File
To make sure that the update was successfully transferred to your local computer, compare its checksum against
the MD5 checksum information displayed on MySonicWALL.
To verify the MD5 checksum of the upgrade file on a PC, use a Windows- or J ava-based utility. Microsoft, for
example, offers an unsupported command-line utility on their site named File Checksum Integrity Verifier (FCIV).
Follow these steps to compare checksums using this utility:
1. At the DOS command prompt, type the following, which returns a checksum for the downloaded file:
f ci v <upgr ade_f i l ename>. bi n

5
232-000953-00 Rev A
Upgrade Guide
2. Compare the result against the MD5 checksum displayed on MySonicWALL. If they match, you can safely
continue with your update. If they differ, try the download again and compare the resulting checksums. If they
still dont match, contact Technical Support.
To verify the MD5 checksum directly on your SonicWALL Aventail appliance, type the following command to see the
checksum for the downloaded file:
md5sum<upgr ade_f i l ename>. bi n
Installing an Update or Hotfix Using AMC
This section outlines the process of updating your system from AMC with a new firmware version or a hotfix.
Note: Starting in version 10.0.0, you can no longer configure CA eTrust SiteMinder as an authentication server on
the SonicWALL Aventail appliance. If your current configuration includes a SiteMinder server, remove it from your
configuration before you back up your settings in preparation for installing the update file; otherwise you will see an
Update failed error message.
Backing Up Your Current Configuration
Before updating, its a good idea to back up the current configuration data from your appliance using the export
feature in AMC. This step is optional, but recommended:
1. From the main AMC navigation menu, click Maintenance.
1. In the System configurati on area, click Import/Export.
2. Click the Export button. A File Download dialog box prompts you to open the .aea file or save it to your hard
drive.
Note: On Windows operating systems, Internet Explorer may block the download of the .aea file. To work
around this, click the information bar that appears beneath the Internet Explorer Address box, and then click
Download File.
3. Click Save, browse to the correct directory on your hard drive, and then save the .aea file.
4. Click OK on the Export Configuration page to return to the Import/Export page.
Installing the Update or Hotfix File
Next, install the update or hotfix using AMC:
1. From the main navigation menu in AMC, click Maintenance.
2. In the System software updates area, click Update.
3. If you have not already downloaded the update or hotfix file (as described in the Obtaining the Update File or
Hotfix from MySonicWALL section), click the mySoni cWALL.com link and log in to download the appropriate
update or hotfix file to your local file system.
4. Type the path of the update or hotfix file or click Browse to locate it.
5. Click Install Update. This step may take several minutes, depending on the network connection speed.
After the file upload process is complete, the update or hotfix is automatically installed on the appliance. You
cannot cancel this part of the installation process. The appliance automatically restarts when the installation is
complete.
Restoring a Configuration
If the installation of the update or hotfix file is interrupted or fails, restore a saved configuration (creating a backup,
as described in the Backing Up Your Current Configuration section is highly recommended). To restore a
configuration:

6
232-000953-00 Rev A
Upgrade Guide
2. In the System configurati on area, click Import/Export.
3. In the File name box, type the path of the appropriate file (<appliance_name>-<date>-<nnn>.aea), or click
Browse to locate it.
4. Click Import. To activate the imported configuration, you must apply changes.
Rolling Back to a Previous Version
From AMC, you can undo the most recent update installed on the system. If you experience problems after
completing an update, you may want to use this feature to roll back to a known state. Each time you roll back the
software image, it removes the most recent system update and restores the version that existed just prior to the
update.
CAUTION: If you have made any configuration changes since updating the system, rolling back the software image
will erase these changes.
2. In the System configurati on area, click Rollback.
3. To roll back to the version displayed on the Rol lback page, click OK. After the rollback process is complete, the
appliance automatically restarts and applies the changes.
4. After the appliance restarts, verify the new version number in the bottom-left corner of the AMC home page.
Note: To roll back the version on a cluster, you must follow the steps above on both nodes, beginning with the
master node.
Verifying the Update
After installing the update, follow these steps to verify the current version number in AMC:
1. Log in to AMC.
5. From the main navigation menu, click System Status and make sure that the update succeeded by verifying
the Version number:
10.5-<three-digit build number>
For more information on managing a cluster, see the Installation and Administration Guide.
Updating a Clustered Pair
To update the SonicWALL Aventail software in a cluster environment, you must install the update or hotfix file and
import the license file to each node of the cluster. The order in which you update the nodes in the cluster is very
important: begin the process with the master node, and then proceed to the slave node. There may be some
disruption to service when performing the update, so schedule it during a maintenance window. Be sure to match
the serial number and authentication code on MySonicWALL for each appliance; both are displayed on the Manage
Licenses page in AMC (click General Settings, and then click Edit in the Licensing area).
For more information on managing a cluster, see the Installation and Administration Guide.
To update a cluster:
1. Log in to AMC and verify which node is the master. For more information, see Monitoring a Cluster in the
Installation and Administration Guide.
2. Log in to AMC on the master node and then, from the main navigation menu in AMC, click Maintenance.
3. In the System Configurati on area, click Update.
4. If you have not already downloaded the update file (as described in the Obtaining the Update File or Hotfix from
MySonicWALL section), click the mySonicWALL.com link and log in to download the appropriate update or
hotfix file to your local file system.

7
232-000953-00 Rev A
Upgrade Guide
6. On the second node click Maintenance in the main navigation menu in AMC.
7. In the System software updates area, click Update.
9. Click Install Update.
While the master node is updating, the slave node continues servicing requests. When the update to the master
node completes and the master comes back online, it notices that the slave nodes version differs from its own.
It then stops the services on the slave node and services all incoming requests itself.
10. Log in to AMC on the slave node and then, on the AMC Home page, click Update.
12. Click Install Update.
When the update to the slave node completes and the slave node comes back online, it rejoins the cluster and
is synchronized with the master node. The load balancer is then aware that both nodes are available to service
requests.
13. Make sure that the update succeeded by verifying in AMC on both nodes that the Version number is
10.5-<three-digit build number>. For hotfix information, click the hotfixes link next to the version number.
Working With Hotfixes on the Command Line
To verify the current version and hotfixes:
From the main navigation menu in AMC, click System Status. In addition to the version number, the System
Status and Maintenance pages display a list of any hotfixes that have been applied.
To install a hotfix:
To apply a hotfix, run the following steps, replacing the examples with the actual file name for the hotfix:
1. Log in to your MySonicWALL account and select Support > Knowledge Portal in the left navigation pane.
2. Locate the hotfix script file, in the format clt-hotfix-9_0_x-0xx.gz, and copy it to the root folder (/) on the
appliance.
3. Log in to the appliance, or to the master node of a pair, via SSH or serial connection as root.
4. Change directory to the root folder (/) with the command: cd /
5. Decompress the archive with the command: gzi p - d cl t - hot f i x- 9_0_x- 0xx. gz
6. Mark the hotfix script as executable with the command: chmod a+x cl t - hot f i x- 9_0_x- 0xx
7. Execute the hotfix script: . / cl t - hot f i x- 9_0_4- 002 i
8. Reboot the appliance.
9. Repeat steps 1-7 on slave node (if applicable).
The hotfix script will perform certain actions, including the following:
Backs up existing files.
Replaces files with updated ones containing the fix.
Restarts snmp and servicemgr services.
To restore to the previous state:
If you wish to restore the appliance to the state it was in before applying the hotfix, run the following steps,
replacing the examples with the actual file name for the hotfix:
1. Log in to the appliance, or to the master node of a pair, via SSH or serial connection as root.
2. Change directory with the command: cd / var / l i b/ avent ai l / avp/ r ol l back
3. Uncompress the rollback script with the command: gzi p - d cl t - hot f i x- 9_0_x- 0xx. 0. 0. gz

8
232-000953-00 Rev A
Upgrade Guide
4. Run the rollback script with the command: . / cl t - hot f i x- 9_0_x- 0xx- r ol l back1. 0. 0 i
5. Reboot the appliance.
6. Repeat steps 1-5 on slave node (if applicable).
Importing Your SonicWALL Aventail License
If you are upgrading from version 9.0.x to a later version of the firmware, your existing license will work
automatically; you do not need to re-import it. Here are a few situations in which importing a license is necessary:
You have bought a new license.
You are upgrading from a pre-9.0 version of the SonicWALL Aventail firmware; in this case you must obtain a
new license and import it.
The process for importing a license file is described in detail in the online help for the Aventail Management
Console (AMC). Briefly, the steps are as follows:
1. From the main navigation menu in AMC, click General Settings, and then click Edit in the Licensing area. The
Manage Licenses page appears.
2. Click Import License.
3. In the License fil e box, type the path for the license file you retrieved from your MySonicWALL account, or click
Browse to locate it.
4. Click Upload, and then apply the change by clicking the Pending changes link in the upper-right corner.
Note: When you upload a Spike License, the countdown of the number of days it is valid begins once you
activate it and apply the pending change in AMC. Dont click the Activate link until you are ready to start using
the Spike License.

_____________________
Last updated: 7/9/2012

SonicWALL Aventail 10.5.6 Upgrade Guide

Enviado por

Dados do documento

Descrição original:

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

SonicWALL Aventail 10.5.6 Upgrade Guide

Enviado por

Direitos autorais:

Formatos disponíveis

Secure Remote Access SonicWALL Aventail E-Class SRA EX-Series 10.5.

Você também pode gostar