Applies to:	In this topic
Web Security Gateway and Web Security Gateway Anywhere v7.7.x and earlier	System requirements Versions supported for direct upgrade to v7.8.1 Upgrading distributed components Preparing to upgrade Upgrading Websense Content Gateway Post-upgrade activities

Note  Upgrading Content Gateway on a V-Series appliance is handled by the V-Series upgrade (patch) process. See Upgrading V-Series Appliances to v7.8.x.

Important  Follow the upgrade procedures for each intermediate version. Read the Websense Content Gateway Installation Guide and its upgrade supplement for each version. See: Version 7.5 Content Gateway Installation Guide Version 7.6 Content Gateway Installation Guide Version 7.7 Content Gateway Installation Guide

Important  If your deployment uses IWA and a load balancer: Version 7.8.1 does not support the configuration. Versions 7.8.2 and 7.8.3 support load balancers, however, post-upgrade a special configuration must be applied. Follow the configuration steps described in the v7.8.2 Release Notes or the v7.8.3 Release Notes.

CPU	Quad-core running at 2.8 GHz or faster
Memory	6 GB minimum 8 GB recommended
Disk Space	2 disks: 100 GB for the operating system, Content Gateway, and temporary data.
	Max 147 GB for caching If caching will not be used, this disk is not required. The caching disk: Should be at least 2 GB and no more than 147 GB Must be a raw disk, not a mounted file system Must be dedicated Must not be part of a software RAID Should be, for best performance, a 10K RPM SAS disk on a controller that has at least 64 MB of write-through cache
Network Interfaces	2

Router

Must support WCCP v2. A Cisco router must run IOS 12.2 or later. The latest version is recommended. Client machines, the destination Web server, and Content Gateway must reside on different subnets.

—or— Layer 4 switch

You may use a Layer 4 switch rather than a router. To support WCCP, a Cisco switch requires the EMI or IP services image of the 12.2SE IOS release (or later). Websense Content Gateway must be Layer 2 adjacent to the switch. The switch must be able to rewrite the destination MAC address of frames traversing the switch. The switch must be able to match traffic based on the layer 4 protocol port (i.e., TCP port 80).

Important  At the beginning of the upgrade procedure, the installer checks to see if the partition that hosts /opt has enough space to hold a copy of the existing Content Gateway log files (copied to /opt/WCG_tmp/logs). If there's not enough space, the installer prints an error message and quits. In this situation, if you want to retain the log files you must copy the contents of /opt/WCG/logs to a location that has enough space, and then delete the log files in /opt/WCG/logs. When the upgrade is complete, move the files from the temporary location back to /opt/WCG/logs and delete the files in the temporary location.

Note  If you have multiple Content Gateway instances deployed in a cluster, you do not have to disable clustering or VIP (if used). As each member of the cluster is upgraded it will rejoin the cluster.

Important  If SELinux is enabled, set it to permissive, or disable it before installing Content Gateway. Do not install or run Content Gateway with SELinux enabled.

Note  Up to the point that you are prompted to confirm your intent to upgrade, you can quit the installer by pressing CTRL+C. If you change your mind after you choose to continue, do not use CTRL+C to stop the process. Instead, allow the installation to complete and then uninstall.

Important  If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for: /opt/WCG/config/internal/no_cop If the file exists, remove it and start Content Gateway: /opt/WCG/WCGAdmin start

Important  If you want to retain the existing Content Gateway log files (in /opt/WCG/logs), determine their total size, identify a location on your network that has enough space to hold the files, and copy them there. When the upgrade is complete, copy the files back to /opt/WCG/logs and delete the files from the temporary location.

Note  You can only revert to the original machine if the other Web Security components are also reverted to the matching (original) 7.7.x version. When that is the case, you can simply reconnect the Content Gateway host machine to the network and power up. Content Gateway v7.7.x will re-register with Web Security. If you want to repurpose the machine, do not reconnect it to the network until after you have uninstalled Content Gateway and assigned the machine a new IP address and hostname.

Note  Content Gateway is designed to run on Red Hat Enterprise Linux, Basic Server package. This is the default installation configuration and must be confirmed. For information on installing Red Hat Enterprise Linux 6, see Red Hat Enterprise Linux 6 Installation Guide. For a list of required libraries, see Required libraries in Red Hat Enterprise Linux 6.

Note  Up to the configuration summary, you can quit the installer by pressing CTRL-C. If you choose to continue the installation past the configuration summary and you want to quit, do not use CTRL-C. Instead, allow the installation to complete and then uninstall it. If you want to change your answer to any of the installer prompts, you will be given a chance to start over at the first prompt once you reach the configuration summary; you do not have to quit the installer.

Important  The password length must be 16 characters or less. Also, it cannot contain the following characters: space $ (dollar symbol) : (colon) ' (backtick; typically shares a key with tilde, ~) \ (backslash) " (double-quote)

Note  As you type a password, it may seem that nothing is happening—the cursor will not move nor will masked characters be shown—but the characters are being accepted. After typing a password, press Enter. Then repeat to confirm it.

Note  If you choose to not enable raw disk cache now, cache disks may be added after Content Gateway has been installed. For instructions, see Content Gateway Manager Help.

Warning  Although it might be listed as available, do not use an LVM (Logical Volume Manager) volume as a cache disk.

Important  If you enter y to proceed but you decide you want to cancel the installation, do not attempt to quit the installer by pressing CTRL-C. Allow the installation to complete. Then uninstall it.

Note  The subscription key is shared automatically with Content Gateway if it has already been specified in the Web Security manager. If you receive an email from Content Gateway (to the address you specified during installation) with "WCG license download failed" in the subject line, this alert does not mean a problem occurred with the installation. The alert indicates that your deployment may require you to manually enter the subscription key in Content Gateway Manager. See the Getting Started section of the Content Gateway Manager Help for information on entering your subscription key.

Important  If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for: /opt/WCG/config/internal/no_cop If the file exists, remove it and start Content Gateway: /opt/WCG/WCGAdmin start