![]() |
![]() |
![]() |
Upgrading Content Gateway to v8.0.x > Preparing to upgrade
|
If you customized your 7.8.2 or higher deployment to support an external load balancer and IWA user authentication (see this knowledge base article), the configuration is preserved during upgrade to version 8.0.x. You do not need to re-apply the custom configuration. You should, however, test your deployment to verify that the load balancer is performing as expected.
|
![]() |
Certified on Red Hat Enterprise Linux, updates 4 and 5
|
![]() |
Supported on Red Hat Enterprise Linux and CentOS 6, updates 3, 4, and 5
|
|
|||
At the beginning of the upgrade procedure, the installer checks to see if the partition that hosts /opt has enough space to hold a copy of the existing Content Gateway log files (copied to /opt/WCG_tmp/logs). If there's not enough space, the installer prints an error message and quits.
In this situation, if you want to retain the log files you must copy the contents of /opt/WCG/logs to a location that has enough space, and then delete the log files in /opt/WCG/logs.
When the upgrade is complete, move the files from the temporary location back to /opt/WCG/logs and delete the files in the temporary location.
|
If you have multiple Content Gateway instances deployed in a cluster, you do not have to disable clustering or VIP (if used). As each member of the cluster is upgraded it will rejoin the cluster.
|
1.
|
If your v7.8.x Web Security Gateway solution is deployed with Data Security, log on to the Content Gateway manager and go to the Configure > My Proxy > Basic page and disable Data Security.
|
a.
|
At a command prompt, enter service iptables status to determine if the firewall is running.
|
b.
|
If the firewall is running, enter service iptables stop.
|
c.
|
4.
|
Download the Content Gateway version 8.0.x installer from mywebsense.com and save it to a temporary directory. For example, place it in:
|
Up to the point that you are prompted to confirm your intent to upgrade, you can quit the installer by pressing CTRL+C. If you change your mind after you choose to continue, do not use CTRL+C to stop the process. Instead, allow the installation to complete and then uninstall.
|
9.
|
Read the subscription agreement. At the prompt, enter y to accept the agreement and continue the upgrade, or n to cancel.
|
13.
|
If you answered y at Step 11, then you can also leave proxy settings at their current values or revert to Websense default values (which perform a fresh install!).
|
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
|
1.
|
If at the start of the upgrade process you manually moved your existing log files to a temporary location, move them back to /opt/WCG/logs and delete the files in the temporary location.
|
2.
|
Register Content Gateway nodes in the Web module of TRITON Manager on the Settings > Content Gateway Access page. Registered nodes add a link to the Content Gateway manager logon portal and provide a visual system health indicator: a green check mark or a red X.
|
3.
|
a.
|
5.
|
If you use proxy user authentication, review the settings on the Global Authentication Options page (Configure > Security > Access Control > Global Configuration Options).
|
6.
|
If you use IWA user authentication, confirm that the AD domain is still joined. Go to Monitor > Security > Integrated Windows Authentication. If it is not joined, rejoin the domain. Go to Configure > Security > Access Control > Integrated Windows Authentication.
|
7.
|
If you use Rule-Based Authentication, review your configuration. Go to Configure > Security > Access Control.
|
a.
|
Check the Domains page.
|
![]() |
Go to the Authentication Rules page and enter the editor.
|
![]() |
Check that the expected domain is in the Auth Sequence list.
|
![]() |
Go to Configure > My Proxy > Basic, ensure that Web DLP: Integrated on-box is enabled, and click Apply.
|
![]() |
Next to Integrated on-box, click the Not registered link. This opens the Configure > Security > Web DLP registration screen.
|
![]() |
Click Register. If registration is successful, a message confirms the result and prompts you to restart Content Gateway. If registration fails, an error message indicates the cause of failure. Correct the problem and perform the registration process again.
|
b.
|
Select the Data tab.
|
c.
|
Select Settings > Deployment > System Modules.
|
e.
|
Click Deploy.
|
10.
|
If Web Security Gateway Anywhere and Data Security were deployed together and configured to use the on-box policy engine, and then reconfigured during upgrade or later to use the ICAP interface, the Content Gateway instance may need to be deleted from the list of TRITON AP-DATA (formerly Data Security) system modules or the deployment will fail. Go to the Data > Settings > Deployment > System Modules page, click on the affected Content Gateway instance to open its Details page, click Delete and then Deploy.
|
12.
|
If your 7.8.2 or higher explicit proxy deployment was customized to support an external load balancer with IWA user authentication (see this knowledge base article), the configuration is preserved during upgrade to version 8.0.x. You do not need to re-apply the custom configuration. You should, however, test your deployment to verify that the load balancer is performing as expected.
|
![]() |
![]() |
![]() |
Upgrading Content Gateway to v8.0.x > Preparing to upgrade
|