Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Go to the table of contents Go to the previous page Go to the next page Go to the index
Upgrading Websense Content Gateway to v7.6.2

Upgrading Websense Content Gateway to v7.6.2
This section of the Websense Technical Library covers upgrading software-based Websense Content Gateway installations (i.e., not running on a Websense appliance).
Perform an upgrade by running the Content Gateway installer on a machine with a previous version of Content Gateway installed. The installer detects the presence of Content Gateway and upgrades it to the current version.
Important 
The installation location of Content Gateway is made uniform in 7.6.2. The default location, /opt/WCG, is the actual location of every 7.6.2 installation post-upgrade. The upgrade process detects installations in other locations and moves the installation to /opt/WCG.
Important:
In 7.6.2, in explicit proxy deployments, when HTTPS (SSL Manager) is enabled, PAC files and browsers must be configured to send HTTPS traffic to Content Gateway on port 8080. The ipnat.config rule that was used in previous releases to redirect traffic from 8070 to 8080 has been removed.
Note 
Follow the upgrade procedures documented with each intermediate version. To perform an intermediate upgrade, download the installer package for the intermediate version from the Websense Downloads site:
Important 
When performing intermediate upgrades, be sure to read the Websense Content Gateway Installation Guide and its upgrade supplement for each upgrade version. They contain important information specific to upgrading between particular versions that may not be found in this version of the upgrade supplement.
Before upgrading Content Gateway, make sure the installation machine meets the system recommendations in System requirements for Websense Content Gateway, including hardware specifications, operating system, and browser.
*
If upgrading Red Hat Enterprise Linux, upgrade the operating system before upgrading Content Gateway. The Content Gateway installer installs a version of ARM that is compatible with the current Red Hat kernel version.
*
If configured, disable Virtual IP failover and leave it disabled until all members of the cluster are upgraded and clustering has been re-enabled.
*
If configured, disable clustering and leave clustering disabled until all members of the cluster are upgraded. All cluster members must run the same version of Content Gateway and should, therefore, be upgraded at the same time. When all nodes are upgraded, re-enable clustering and restart Content Gateway (restarting any node causes all nodes to restart).
Websense Content Gateway is the Web proxy component of Websense Web Security Gateway and Websense Web Security Gateway Anywhere. Websense Web Security components must be upgraded prior to upgrading Content Gateway. To upgrade Websense Web Security, run the Websense installer on each machine running Websense Web Security components. Distributed components must be upgraded in a particular order. See Websense Web Security and Websense Web Filter Installation Guide.
Warning 
Snapshots saved in /opt/WCG/config/snapshots are not saved during the upgrade procedure. To preserve your snapshots, manually copy them to a temporary location and copy them back after the upgrade is complete.
Note: /opt/WCG is the version 7.6.2 installation location.
Important 
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
2.
Disable any currently running firewall on this machine for the duration of the Content Gateway upgrade. Bring the firewall back up after upgrade is complete, opening ports used by Content Gateway.
a.
At a command prompt, enter service iptables status to determine if the firewall is running.
b.
c.
After upgrade, restart the firewall. In the firewall, be sure to open the ports used by Content Gateway on this machine. See Ports for more information.
tar -xvzf <installer tar archive>
Important 
If SELinux is enabled, set it to permissive, or disable it before installing Content Gateway. Do not install or run Content Gateway with SELinux enabled.
5.
In the directory where you unpacked the tar archive, begin the upgrade, and respond to the prompts to configure the application.
Note 
Up to the point that you are prompted to confirm your desire to upgrade, you can quit the installer by pressing CTRL+C. If you change your mind after you choose to continue, do not use CTRL+C to stop the process. Instead, allow the installation to complete and then uninstall it.
Enter n to quit the installer, and return to the system prompt.
Enter y to continue the upgrade. If you choose to run Content Gateway after receiving this warning, performance may be affected.
7.
Enter y to use previous installation selections.
Enter n to revert to Websense default values, and receive all installation questions and answer them again.
11.
If you answered y at Step 10, then you can also leave proxy settings at their current values or revert to Websense default values.
Enter y to keep the proxy settings as they are.
Enter n to restore Websense default settings for the proxy.
12.
The previously installed version of Websense Content Gateway is removed, and the settings and selections you chose to retain are re-used. Wait.
Follow these steps to start the Websense Content Gateway management interface (Content Gateway Manager):
2. Enter the IP address of the Websense Content Gateway server, followed by a colon and the management interface port (8081 for this installation). For example: https://11.222.33.44:8081.
14.
If you answered n at Step 10, the current version of Websense Content Gateway is removed, and a fresh install of 7.6.2 begins. See the Websense Content Gateway chapter of this document for a detailed description of the installation procedure.
Important 
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
In version 7.6.2, when using Content Gateway with TRITON - Web Security it is not necessary to enter a subscription key. The key is automatically fetched from TRITON - Web Security.
1.
If at the start of the upgrade process you manually moved your existing log files to a temporary location, move them back to /opt/WCG/logs and delete the files in the temporary location.
2.
If at the start of the upgrade procedure you manually moved your existing snapshot files to a temporary location, copy them back to /opt/WCG/config/snapshots and delete them from the temporary location.
3.
Register Content Gateway nodes in TRITON - Web Security on the Settings > Content Gateway Access page. Registered nodes add a link to the Content Gateway Manager logon portal and provide a visual system health indicator, a green check mark or a red X icon.
4.
Configure Content Gateway system alerts in TRITON - Web Security. Select Content Gateway system alerts are now sent to TRITON - Web Security (in addition to Content Gateway Manager). To configure which alerts are sent, in TRITON - Web Security go to the Settings > Alerts > System page.
5.
If Content Gateway user authentication was used, it must be reconfigured. This includes LDAP, RADIUS, NTLM, and multiple realm rules. For an overview of 7.6.x features, see Proxy user authentication.
6.
If access control filtering rules (filter.config) were defined, they must be recreated. It will be helpful to work from the file you saved before upgrading, but filtering rules should be recreated in the filter.config rule editor in Content Gateway Manager. See Filtering Rules.


Go to the table of contents Go to the previous page Go to the next page Go to the index
Upgrading Websense Content Gateway to v7.6.2