In addition, to support transparent proxy deployments:
|
At the beginning of the upgrade procedure, the installer checks to see if the partition that hosts /opt has enough space to hold a copy of the existing Content Gateway log files (copied to /opt/WCG_tmp/logs). If there's not enough space, the installer prints an error message and quits.
In this situation, if you want to retain the log files, you must copy the contents of /opt/WCG/logs to a location that has enough space, and then delete the log files in /opt/WCG/logs.
When the upgrade is complete, move the files from the temporary location back to /opt/WCG/logs and delete the files in the temporary location.
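The space check described above can be run by hand before starting the installer. The script below is an added example, not part of the Forcepoint installer or documentation; the function names are hypothetical, and it assumes that comparing `du` usage of the log directory against `df` free space on the partition hosting /opt approximates the installer's own check, whose exact threshold the page does not state.

```shell
#!/bin/sh
# Added example: pre-upgrade space check for the Content Gateway log copy.
# Paths are the ones named on the page; override via environment to try it elsewhere.
LOG_DIR="${LOG_DIR:-/opt/WCG/logs}"   # existing log files
TARGET_FS="${TARGET_FS:-/opt}"        # partition that receives /opt/WCG_tmp/logs

# Size of a directory tree in KiB (empty output if it cannot be read).
dir_kb() { du -sk "$1" 2>/dev/null | awk '{print $1}'; }

# Free KiB on the filesystem hosting path $1 (-P keeps each entry on one line).
free_kb() { df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'; }

# True when free space ($2, KiB) exceeds what the copy needs ($1, KiB).
kb_fits() { [ "$2" -gt "$1" ]; }

# 0 = a copy of $1 fits on the filesystem hosting $2, 1 = it does not,
# 2 = one of the two values could not be measured.
logs_fit() {
    need=$(dir_kb "$1")
    free=$(free_kb "$2")
    [ -n "$need" ] && [ -n "$free" ] || return 2
    kb_fits "$need" "$free"
}

# Print a verdict and return the logs_fit status.
preflight() {
    rc=0
    logs_fit "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 needs ${need} KiB, $2 has ${free} KiB free" ;;
        1) echo "STOP: $1 needs ${need} KiB, $2 has only ${free} KiB free;" \
                "move the logs elsewhere before upgrading" ;;
        *) echo "UNKNOWN: could not measure $1 or $2" ;;
    esac
    return $rc
}

# Run only where the log directory exists, so the file is safe to source.
if [ -d "$LOG_DIR" ]; then
    preflight "$LOG_DIR" "$TARGET_FS" || true
fi
```

A STOP result means the logs should be copied off /opt/WCG/logs as described above before the installer is started.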
|
If you have multiple Content Gateway instances deployed in a cluster, you do not have to disable clustering or VIP (if used). As each member of the cluster is upgraded it will rejoin the cluster.
|
b.
|
Navigate to the Configure > My Proxy > Basic page.
|
c.
|
d.
|
Return to the Configure > My Proxy > Basic page.
|
e.
|
Enable the new Web DLP option.
|
a.
|
At a command prompt, enter service iptables status to determine if the firewall is running.
|
b.
|
If the firewall is running, enter service iptables stop.
|
c.
|
4.
|
Use the Downloads tab of the My Account page at forcepoint.com to download the Content Gateway version 8.4.x installer, and save it to a temporary directory. For example, place it in:
|
Up to the point that you are prompted to confirm your intent to upgrade, you can quit the installer by pressing CTRL+C. If you change your mind after you choose to continue, do not use CTRL+C to stop the process. Instead, allow the installation to complete and then uninstall.
|
9.
|
Read the subscription agreement. At the prompt, enter y to accept the agreement and continue the upgrade, or n to cancel.
|
13.
|
If you answered y at Step 11, then you can also leave proxy settings at their current values or revert to default values (which performs a fresh install!).
|
If Content Gateway fails to complete startup after upgrade, check for the presence of the no_cop file. Look for:
|
1.
|
If at the start of the upgrade process you manually moved your existing log files to a temporary location, move them back to /opt/WCG/logs and delete the files in the temporary location.
|
2.
|
Register Content Gateway nodes in Forcepoint Security Manager on the Web > Settings > Content Gateway Access page.
|
3.
|
Configure Content Gateway system alerts on the Settings > Alerts > System page in the Security Manager.
|
a.
|
5.
|
If you use proxy user authentication, review the settings on the Global Authentication Options page (Configure > Security > Access Control > Global Configuration Options).
|
6.
|
If you use IWA user authentication, confirm that the AD domain is still joined. Go to Monitor > Security > Integrated Windows Authentication. If it is not joined, rejoin the domain. Go to Configure > Security > Access Control > Integrated Windows Authentication.
|
7.
|
If you use Rule-Based Authentication, review your configuration. Go to Configure > Security > Access Control.
|
a.
|
Check the Domains page.
|
Go to the Authentication Rules page and enter the editor.
|
Check that the expected domain is in the Auth Sequence list.
|
Go to Configure > My Proxy > Basic, ensure that Web DLP: Integrated on-box is enabled, and click Apply.
|
Next to Integrated on-box, click the Not registered link. This opens the Configure > Security > Web DLP registration screen.
|
Click Register. If registration is successful, a message confirms the result and prompts you to restart Content Gateway. If registration fails, an error message indicates the cause of failure. Correct the problem and perform the registration process again.
|
b.
|
d.
|
Click Deploy.
|
10.
|
If web and data protection products were deployed together and configured to use the on-box policy engine, and then reconfigured during upgrade or later to use the ICAP interface, the Content Gateway instance may need to be deleted from the list of Forcepoint DLP system modules or the deployment will fail. Go to the Data > Settings > Deployment > System Modules page, click on the affected Content Gateway instance to open its Details page, click Delete and then Deploy.
|
Send authentication to parent proxy, configured on the Configure > My Proxy > Basic > General page
|
X-Forwarded-For, enabled on the Configure > Protocols > HTTP > Privacy page
|
14.
|
The Tunnel Skype option on the Configure > Protocols > HTTPS page of Content Gateway Manager was removed in v8.3. Variables stored in the records.config file that apply to Skype are removed during upgrades from v7.8.4, v8.1, and v8.2.
|
15.
|
The settings on the Configure > Networking > Connection Management > Low Memory Mode page of Content Gateway Manager were removed in v8.3. Corresponding variables stored in the records.config file are removed by upgrades from v7.8.4, v8.1, and v8.2.
|
16.
|
If LOW encryption cipher suites were previously selected on the Configure > SSL > Decryption/Encryption > Inbound or Outbound pages of Content Gateway Manager, upgrades from v7.8.4, v8.1, or v8.2 will change the setting to MEDIUM. LOW is no longer a valid option on those pages.
|
17.
|
During upgrades from v7.8.4, v8.1, or v8.2, the Enable the certificate verification engine option on the Configure > SSL > Validation > General page of Content Gateway Manager will be changed to ON for any customer who does not already have the feature enabled.
|
The Network Address Translation (NAT) section of the Configure > Networking > ARM > General page has been renamed to Redirection Rules to better reflect the contents of the table.
|
Be inserted after Forcepoint rules.
|