![]() |
SSL inbound*.log and outbound*.log files are deleted. After upgrade, transaction logging is sent to extended.log or squid.log when the logging subsystem is configured for "Log Transactions and Errors" or "Log Transactions Only". Otherwise, logging is sent to content_gateway.out.
|
2.
|
![]() |
Certified on Red Hat Enterprise Linux, updates 4 and 5
|
![]() |
Supported on Red Hat Enterprise Linux and CentOS 6, updates 0, 1, 2, 3, 4, and 5
|
|
|||
![]() |
For Content Gateway v7.7.x hosted on Red Hat Enterprise Linux 6 series, see the section "Content Gateway: RHEL 6 upgrade instructions" below.
|
![]() |
For Content Gateway v7.7.x hosted on Red Hat Enterprise Linux 5 series, see the section "Content Gateway: Upgrade Red Hat Enterprise Linux 5-series to 6-series during the Content Gateway upgrade" below.
|
At the beginning of the upgrade procedure, the installer checks to see if the partition that hosts /opt has enough space to hold a copy of the existing Content Gateway log files (copied to /opt/WCG_tmp/logs). If there's not enough space, the installer prints an error message and quits.
In this situation, if you want to retain the log files you must copy the contents of /opt/WCG/logs to a location that has enough space, and then delete the log files in /opt/WCG/logs.
When the upgrade is complete, move the files from the temporary location back to /opt/WCG/logs and delete the files in the temporary location.
|
If you have multiple Content Gateway instances deployed in a cluster, you do not have to disable clustering or VIP (if used). As each member of the cluster is upgraded it will rejoin the cluster.
|
1.
|
If your Web Security Gateway solution is deployed with Data Security, log on to the Content Gateway manager and go to the Configure > My Proxy > Basic page and disable Data Security.
|
a.
|
At a command prompt, enter service iptables status to determine if the firewall is running.
|
b.
|
If the firewall is running, enter service iptables stop.
|
c.
|
4.
|
Download the Content Gateway version 7.8.x installer from mywebsense.com and save it to a temporary directory. For example, place it in:
|
Up to the point that you are prompted to confirm your intent to upgrade, you can quit the installer by pressing CTRL+C. If you change your mind after you choose to continue, do not use CTRL+C to stop the process. Instead, allow the installation to complete and then uninstall.
|
9.
|
Read the subscription agreement. At the prompt, enter y to accept the agreement and continue the upgrade, or n to cancel.
|
13.
|
If you answered y at Step 11, then you can also leave proxy settings at their current values or revert to Websense default values (which perform a fresh install!).
|
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
|
If you want to retain the existing Content Gateway log files (in /opt/WCG/logs), determine their total size, identify a location on your network that has enough space to hold the files, and copy them there.
|
1.
|
Log on to the Content Gateway v7.7.x host and acquire root privileges. All steps must be performed as root.
|
2.
|
Obtain the Content Gateway v7.8.x gzip installation file, place it on the v7.7.x machine, and use the v7.8.x wcg_config_utility.sh script and configFiles.txt support file to backup your system.
|
a.
|
Download the Content Gateway v7.8.x installer from mywebsense.com. Save it in a convenient location on the network; you'll need it again later. Place a copy in a temporary directory on your Content Gateway server (the Red Hat Enterprise Linux 5-series system). For example, place it in:
|
c.
|
In /tmp/wcg_v78 unpack lx86inst.tar:
|
e.
|
Using wcg_config_utility.sh create a backup of Content Gateway v7.7.x and save it to a trusted location on the network:
|
3.
|
Copy WCGbackup.tar.gz to a reliable location on the network where it can easily be retrieved after the operating system upgrade.
|
4.
|
Content Gateway is designed to run on Red Hat Enterprise Linux, Basic Server package. This is the default installation configuration and must be confirmed.
|
7.
|
In the directory where you downloaded the WebsenseCG78Setup_Lnx.tar.gz tar archive, begin the installation, and respond to the prompts to configure the application.
|
Up to the configuration summary, you can quit the installer by pressing CTRL-C. If you choose to continue the installation past the configuration summary and you want to quit, do not use CTRL-C. Instead, allow the installation to complete and then uninstall it.
|
9.
|
Read the subscription agreement. At the prompt, enter y to continue installation or n to cancel installation.
|
The password length must be 16 characters or less. Also, it cannot contain the following characters:
|
Although it might be listed as available, do not use an LVM (Logical Volume Manager) volume as a cache disk.
|
e.
|
Continue based on your choice in Step b, pressing X when you have finished configuring cache disks.
|
If you enter y to proceed but you decide you want to cancel the installation, do not attempt to quit the installer by pressing CTRL-C. Allow the installation to complete. Then uninstall it.
|
24.
|
Copy the WCGbackup.tar.gz file, saved in step 3, to:
|
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
|
1.
|
If at the start of the upgrade process you manually moved your existing log files to a temporary location, move them back to /opt/WCG/logs and delete the files in the temporary location.
|
2.
|
Register Content Gateway nodes in the Web Security manager on the Settings > Content Gateway Access page. Registered nodes add a link to the Content Gateway Manager logon portal and provide a visual system health indicator: a green check mark or a red X.
|
3.
|
a.
|
5.
|
If you use proxy user authentication, review the settings on the Global Authentication Options page (Configure > Security > Access Control > Global Configuration Options).
|
6.
|
If you use IWA user authentication, confirm that the AD domain is still joined. Go to Monitor > Security > Integrated Windows Authentication. If it is not joined, rejoin the domain. Go to Configure > Security > Access Control > Integrated Windows Authentication.
|
7.
|
If you use Multiple Realm Authentication rules, review the converted Rule-Based Authentication configuration. Go to Configure > Security > Access Control.
|
a.
|
Check the Domains page.
|
![]() |
IWA domains that were joined before upgrade should still be joined. Select each domain, click Edit and give each domain a unique Domain Identifier.
|
![]() |
LDAP and Legacy NTLM domains should be listed. Select each domain, click Edit and give each domain a unique domain identifier.
|
![]() |
Go to the Authentication Rules page and enter the editor.
|
![]() |
Check that the expected domain is in the Auth Sequence list.
|
![]() |
![]() |
Go to Configure > My Proxy > Basic, ensure that Data Security: Integrated on-box is enabled, and click Apply.
|
![]() |
Next to Integrated on-box, click the Not registered link. This opens the Configure > Security > Data Security registration screen.
|
![]() |
Click Register. If registration is successful, a message confirms the result and prompts you to restart Content Gateway. If registration fails, an error message indicates the cause of failure. Correct the problem and perform the registration process again.
|
b.
|
Select the Data Security tab.
|
c.
|
Select Settings > Deployment > System Modules.
|
e.
|
Click Deploy.
|
11.
|
If Web Security Gateway Anywhere and Data Security are deployed together and configured to use the on-box policy engine, and then reconfigured during upgrade or later to use the ICAP interface, the Content Gateway instance must be deleted from the list of Data Security system modules or the deployment will fail. Go to the Data Security > Settings > Deployment > System Modules page, click on the affected Content Gateway instance to open its Details page, click Delete and then Deploy.
|