|
|
|
Make a record of current IWA Settings prior to upgrade to be restored during Post-upgrade activities. For more information, see Integrated Windows Authentication in Content Gateway Manager Help.
|
|
|
4.
|
Copy WCGbackup.tar.gz to a reliable location on the network where it can easily be retrieved after the operating system upgrade.
|
5.
|
Content Gateway is designed to run on Red Hat Enterprise Linux, Basic Server package. This is the default installation configuration and must be confirmed.
|
9.
|
Copy WCGbackup.tar.gz, that was saved in step 4, to:
|
Before you begin, ensure that /tmp has enough free space to hold the existing Content Gateway log files. During the upgrade procedure, the installer temporarily copies log files located in /opt/WCG/logs to /tmp. If the /tmp partition does not have enough available space and becomes full, the upgrade will fail.
If you determine that /tmp does not have enough space, manually move the contents of /opt/WCG/logs to a partition that has enough space and then delete the log files in /opt/WCG/logs. Run the installer to perform the upgrade. When the upgrade is complete, move the log files from the temporary location back to /opt/WCG/logs and delete the files in the temporary location.
For step-by-step instructions, see the Knowledge Base article titled Upgrading can fail if the /tmp partition becomes full.
Note: /opt/WCG is the version 7.6 installation location.
|
a.
|
At a command prompt, enter service iptables status to determine if the firewall is running.
|
b.
|
If the firewall is running, enter service iptables stop.
|
c.
|
4.
|
Download the Content Gateway version 7.7.x installer from mywebsense.com and save it to a temporary directory. For example:
|
Up to the point that you are prompted to confirm your intent to upgrade, you can quit the installer by pressing CTRL+C. If you change your mind after you choose to continue, do not use CTRL+C to stop the process. Instead, allow the installation to complete and then uninstall it.
|
8.
|
Read the subscription agreement. At the following prompt, enter y to accept the agreement and continue the upgrade, or n to cancel.
|
12.
|
If you answered y at Step 11, then you can also leave proxy settings at their current values or revert to Websense default values.
|
13.
|
If you answered n at Step 11, the current version of Websense Content Gateway is removed, and a fresh install of 7.7.x begins. See Installing Websense Content Gateway for a detailed description of the installation procedure.
|
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
|
18.
|
1.
|
If at the start of the upgrade process you manually moved your existing log files to a temporary location, move them back to /opt/WCG/logs and delete the files in the temporary location.
|
2.
|
Register Content Gateway nodes in TRITON - Web Security on the Settings > Content Gateway Access page. Registered nodes add a link to the Content Gateway Manager logon portal and provide a visual system health indicator, a green check mark or a red X icon.
|
3.
|
4.
|
If you were using Integrated Windows Authentication (IWA), re-enable it and join Content Gateway to the Windows Domain. Configure IWA using the settings you recorded prior to upgrade. See Configuring Integrated Windows Authentication in Content Gateway Manager Help.
|
7.
|
If Web Security Gateway Anywhere and Data Security are deployed together and upgraded to version 7.7, you must remove stale entries of Content Gateway instances registered in Data Security system modules. From the TRITON Console, go to Data Security > Settings > Deployment > System Modules and delete instances that display an old version number.
|
8.
|
If Web Security Gateway Anywhere and Data Security are deployed together and configured to use the on-box policy engine, and then reconfigured during upgrade or later to use the ICAP interface, the Content Gateway instance must be deleted from the list of Data Security system modules or the deployment will fail. Go to the Data Security > Settings > Deployment > System Modules page, click on the affected Content Gateway instance to open its Details page, click Delete and then Deploy.
|
9.
|
Complete support for GRE Return Method with WCCP is added in version 7.7.
|
If you are using WCCP with Cisco ASA, after the upgrade your configuration continues to perform as it did with v7.6.x.
In version 7.7.0, should you need to reconfigure Content Gateway to work with your ASA device, set the Forward and Return Method to L2. This forces Content Gateway to negotiate the correct supported method.
In version 7.7.3 and beyond, should you need to reconfigure Content Gateway to work with your ASA device, access the Service group settings and select ASA Firewall from the Special Device Profile drop down box instead of individually selecting the GRE forward and return methods. This automatically selects the Packet Forward Method and Packet Return Method and sets some proxy internals.
|