How it Works
Sonicwall
Loading...
AVENTAIL 10.5.1
GETTING STARTED GUIDE
92 pgs6.07 Mb0
INSTALLATION AND ADMINISTRATION GUIDE
472 pgs16.14 Mb0
Upgrade Guide
7 pgs129.96 Kb0
Table of contents
Loading...

Sonicwall AVENTAIL 10.5.1 Upgrade Guide

Download
U
Secure Remote Access
This document describes the process of installing a platform update on a SonicWALL Aventail E-Class SRA appliance. The procedure is summarized here and described in more detail below:
SonicWALL Aventail E-Class SRA EX-Series 10.5.1
rade Guide
Create a MySonicWALL (www.mysonicwall.com) account, if you don’t already have one. You need an account
in order to register your SonicWALL Aventail SSL VPN. Note: MySonicWALL registration information is not sold or shared with any other company.
Register your device on MySonicWALL. Registration provides access to essential resources, such as your
license file, firmware updates, documentation, and technical support information.
When you register, you are prompted to enter an authentication code. Obtain your update file, install it, and verify it.
Updating a clustered pair of SonicWALL Aventail appliances is described at the end of this document. For a complete list of known issues from previous versions that are fixed in this release, see the Release Notes.
See the following sections for detailed upgrade information:
Platform Compatibility................................................................................................................................................1
Upgrade Requirements..............................................................................................................................................2
Configuration Notes...................................................................................................................................................2
Creating a MySonicWALL Account ...........................................................................................................................3
Registering Your SonicWALL Aventail E-Class SRA Appliance...............................................................................3
Finding the Authentication Code for Your Appliance.................................................................................................3
Obtaining the Update File from MySonicWALL.........................................................................................................4
Installing the Update..................................................................................................................................................4
Verifying the Update..................................................................................................................................................5
Updating a Clustered Pair..........................................................................................................................................6
Importing Your SonicWALL Aventail License............................................................................................................7

Platform Compatibility

Version 10.5.1 of the SonicWALL Aventail E-Class SRA EX-Series is supported on the following appliances:
SonicWALL Aventail E-Class SRA EX7000  SonicWALL Aventail E-Class SRA EX6000  SonicWALL Aventail E-Class SRA EX-2500  SonicWALL Aventail E-Class SRA EX-1600  SonicWALL Aventail E-Class SRA EX-750
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
Upgrade Guide

Upgrade Requirements

The EX-Series appliance must be running the latest Hotfix version before upgrading from 9.0.0, 9.0.1, or 9.0.2 to
10.5.1. The required Hotfix for each version (9.0.x) is clt-hotfix-9_0_x-013. Appliances running versions 8.8.x or 8.9.x must be upgraded to the latest maintenance release of 9.0.x or 10.0.x
before installing 10.5.1.
To verify the current version and hotfixes:
From the main navigation menu in AMC, click System Status. In addition to the version number, the System Status and Maintenance pages display a list of any hotfixes that have been applied.
To install a hotfix:
To apply a hotfix, run the following steps, replacing the examples with the actual file name for the hotfix:
1. Log in to your MySonicWALL account and select Support > Knowledge Portal in the left navigation pane.
2. Locate the hotfix script file, in the format clt-hotfix-9_0_x-0xx.gz, and copy it to the root folde r (/) on the
appliance.
3. Log in to the appliance, or to the master node of a pair, via SSH or serial connection as root.
4. Change directory to the root folder (/) with the command: cd /
5. Decompress the archive with the command: gzip -d clt-hotfix-9_0_x-0xx.gz
6. Mark the hotfix script as executable with the command: chmod a+x clt-hotfix-9_0_x-0xx
7. Execute the hotfix script: ./clt-hotfix-9_0_4-002 –i
8. Reboot the appliance.
9. Repeat steps 1-7 on slave node (if applicable).
The hotfix script will perform certain actions such as the following:
Backs up existing files.
Replaces files with updated ones containing the fix.
Restarts snmp and servicemgr services.
To restore to the previous state:
If you wish to restore the appliance to the state it was in before applying the hotfix, run the following steps, replacing the examples with the actual file name for the hotfix:
1. Log in to the appliance, or to the master node of a pair, via SSH or serial connection as root.
2. Change directory with the command: cd /var/lib/aventail/avp/rollback
3. Uncompress the rollback script with the command: gzip -d clt-hotfix-9_0_x-0xx.0.0.gz
4. Run the rollback script with the command: ./clt-hotfix-9_0_x-0xx-rollback1.0.0 –i
5. Reboot the appliance.
6. Repeat steps 1-5 on slave node (if applicable).
A note about licensing requirements:
The licensing scheme for the E-Class SRA EX-Series changed in versio n 9.0.x. If you are upgrading from
version 8.8 or 8.9 to a later version, you must obtain a new license.

Configuration Notes

The OPSWAT Secure Desktop Emulator is currently provided as an early release and has a number of known
issues. See the SonicWALL Aventail 10.5.1 Release Notes for details.
Symantec OnDemand Protection is not supported in version 10.5.1. Before upgrading to 10.5.1 from 10.0.x and
earlier versions, disable Symantec OnDemand Protection for all End Point Control Zones. Otherwise, the upgrade will fail.
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
2
Upgrade Guide

Creating a MySonicWALL Account

If you don’t already have a MySonicWALL account, create one by completing an online registration:
1. In your Web browser, go to
2. In the User Login section, follow the link for users who are not yet registered.
3. Enter your account information, personal information, and preferences, and then click Submit. Be sure to use a valid email address.
4. Follow the prompts to finish creating your account. SonicWALL will send a subscription code to the email address you entered in step 3.
5. When you return to the login screen, log in with your new username and password.
6. Confirm your account by entering the subscription code you received by email.
www.mysonicwall.com.

Registering Your SonicWALL Aventail E-Class SRA Appliance

To register your appliance, perform the following steps:
1. In your Web browser, go to www.mysonicwall.com and log in with your username and password.
2. Locate your software serial number, which is printed on the back of your SonicWALL Aventail appliance.
3. Enter your serial number, and then click Next. Follow the on-screen instruction s.
4. Confirm your serial number.
5. Enter a name for this appliance.
6. If you are upgrading to version 10.5.1 from 8.8 or 8.9, you must also enter an authentication code (how to find the code is described in the next section).
7. Click Register to continue.
8. Follow the online prompts to fill out the survey and complete the registration process.

Finding the Authentication Code for Your Appliance

Your authentication code is the hardware identifier for your appliance, and it is displayed in one or two places, depending on your appliance model:
EX7000 and EX6000: Both your serial number and authentication code are printed on your appliance label;
they are also displayed on the General Settings page in AMC. Skip to the next section.
EX-2500, EX-1600, and EX-750: Your authentication code is the same as the MAC address of the internal
(eth0) network port. If you know how to obtain the MAC address for eth0, you can supply it to the mySonicWALL.com Web site and proceed to get your license before upgrading the appliance software.
If you are not comfortable doing this, the simplest way to find the code is to first upgrade your appliance to version 10.5.1, and then copy and paste it from AMC.
To get the authentication code/MAC address of your appliance, perform the following steps:
1. Install the 10.5.1 upgrade (see the steps in the next section, “Obtaining the Update File from
mySonicWALL.com”).
2. Click General Settings in the main navigation menu in AMC. On an appliance running 10.5.1, the
authentication code is shown in the Licensing area of that page: copy this code.
3. Log back in to mySonicWALL.com to retrieve your license file: select your appliance, and then paste its
authentication code into the corresponding text box.
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
3
Upgrade Guide

Obtaining the Update File from MySonicWALL

The next step is to obtain the update file and copy it to the file system of your local computer:
1. In your Web browser, go to
2. In the Downloads area, select your EX-Series software type from the drop-down list.
3. In the Available Software list, select the firmware item that corresponds to your appliance. You’ll be prompted to download a file named <part number>_upgrade-<n>_<n>_<n>_<three-digit build number>.bin file to your local computer.
www.mysonicwall.com and log in with your username and password.

Verifying the Downloaded Update File

To make sure that the update was successfully transferred to your local computer, compare its checksum against the MD5 checksum information displayed on MySonicWALL.
To verify the MD5 checksum of the upgrade file on a PC, use a Windows- or Java-based utility. Microsoft, for example, offers an unsupported command-line utility on their site named File Checksum Integrity Verifier (FCIV). Follow these steps to compare checksums using this utility:
1. At the DOS command prompt, type the following, which returns a checksum for the downloaded file:
fciv <upgrade_filename>.bin
2. Compare the result against the MD5 checksum displayed on MySonicWALL. If they match, you can safely continue with your update. If they differ, try the download again and compare the resulting checksums. If they still don’t match, contact Technical Support.
To verify the MD5 checksum directly on your SonicWALL Aventail appliance, type the following command to see the checksum for the downloaded file:
md5sum <upgrade_filename>.bin

Installing the Update

This section outlines the process of updating your system. Note: Starting in version 10.0.0, you can no longer configure CA eTrust SiteMinder as an authentication server on
the SonicWALL Aventail appliance. If your current configuration includes a SiteMinder server, remove it from your configuration before you back up your settings in preparation for installing the 10.5.1 update file; otherwise you will see an “Update failed” error message.

Backing Up Your Current Configuration

Before updating, it’s a good idea to back up the current configuration data from your appliance using the export feature in AMC. This step is optional, but recommended:
1. From the main AMC navigation menu, click Maintenance.
2. In the System configuration area, click Import/Export.
3. Click the Export button. A File Download dialog box prompts you to open the .aea file or save it to your hard drive.
Note: On Windows operating systems, Internet Explorer may block the download of the .aea file. To work around this, click the information bar that appears beneath the Internet Explorer Address box, and then click Download File.
4. Click Save, browse to the correct directory on your hard drive, and then save the .aea file.
5. Click OK on the Export Configuration page to return to the Import/Export page.
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
4
Upgrade Guide

Installing the Update File

Next, install the update using AMC:
1. From the main navigation menu in AMC, click Maintenance.
2. In the System software updates area, click Update.
3. If you have not already downloaded the update file (as described in “Obtaining the Update File”), clic k the mySonicWALL.com link and log in to download the appropriate update file to your local file system.
4. Type the path of the update file or click Browse to locate it.
5. Click Install Update. This step may take several minutes, depending on the network connection speed. After the file upload process is complete, the update is automatically installed on the appliance. You cannot
cancel this part of the installation process. The appliance automatically restarts when the installation is complete.

Restoring a Configuration

If the installation of the update file is interrupted or fails, restore a saved configuration (creating a backup, as described in “Backing Up Your Current Configuration Changes,” is highly recommended). To restore a configuration:
1. From the main navigation menu in AMC, click Maintenance.
2. In the System configuration area, click Import/Export.
3. In the File name box, type the path of the appropriate file (<appliance_name>-<date>-<nnn>.aea), or click Browse to locate it.
4. Click Import. To activate the imported configuration, you must apply changes.

Rolling Back to a Previous Version

From AMC, you can undo the most recent update installed on the system. If you experience problems after completing an update, you may want to use this feature to roll back to a known state. Each time you roll back the software image, it removes the most recent system update and restores the version that existed just prior to the update.
CAUTION: If you have made any configuration changes since updating the system, rolling b ack the software image will erase these changes.
1. From the main navigation menu in AMC, click Maintenance.
2. In the System configuration area, click Rollback.
3. To roll back to the version displayed on the Rollback page, click OK. After the rollback process is complete, the appliance automatically restarts and applies the changes.
4. After the appliance restarts, verify the new version number in the bottom-left corner of the AMC home page.
Note: To roll back the version on a cluster, you must follow the steps above on both nodes, beginning with the master node.

Verifying the Update

After installing the update, follow these steps to verify the current version number in AMC:
1. Log in to AMC.
2. From the main navigation menu, click System Status and make sure that the update succeeded by verifying the Version number:
10.5-<three-digit build number>
For more information on managing a cluster, see the Installation and Administration Guide.
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
5
Upgrade Guide

Updating a Clustered Pair

To update the SonicWALL Aventail software in a cluster environment, you must install the update file and import the license file to each node of the cluster. The order in which you update the nodes in the cluster is very important: begin the process with the master node, and then proceed to the slave node. There may be some disruption to service when performing the update, so schedule it during a maintenance window. Be sure to match the serial number and authentication code on mySonicWALL.com for each appliance; both are displayed on the Manage Licenses page in AMC (click General Settings, and then click Edit in the Licensing area).
For more information on managing a cluster, see the Installation and Administration Guide. To update a cluster:
1. Log in to AMC and verify which node is the master. For more information, see “Monitoring a Cluster” in the Installation and Administration Guide.
2. Log in to AMC on the master node and then, from the main navigation menu in AMC, click Maintenance.
3. In the System Configuration area, click Update.
4. If you have not already downloaded the update file (as described in “Obtaining the Update file”), click the mySonicWALL.com link and log in to download the appropriate update file to your local file system.
5. Type the path of the update file or click Browse to locate it.
6. On the second node click Maintenance in the main navigation menu in AMC.
7. In the System software updates area, click Update.
8. Type the path of the update file or click Browse to locate it.
9. Click Install Update. While the master node is updating, the slave node continues servicing requests. When the update to the master
node completes and the master comes back online, it notices that the slave node’s version differs from its own. It then stops the services on the slave node and services all incoming requests itself.
10. Log in to AMC on the slave node and then, on the AMC Home page, click Update.
11. Type the path of the update file or click Browse to locate it.
12. Click Install Update. When the update to the slave node completes and the slave node comes back online, it rejoins the cluster and
is synchronized with the master node. The load balancer is then aware that both nodes are available to service requests.
13. Make sure that the update succeeded by verifying in AMC on both nodes that the Version number is
10.5-<three-digit build number>.
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
6
Upgrade Guide

Importing Your SonicWALL Aventail License

If you are upgrading from version 9.0.x to a later version of the firmware, your existing license will work automatically; you do not need to re-import it. Here are a few situations in which importing a license is necessary:
You have bought a new license.  You are upgrading from a pre-9.0 version of the SonicWALL Aventail firmware; in this case you must obtain a
new license and import it.
The process for importing a license file is described in detail in the online help for the Aventail Management Console (AMC). Briefly, the steps are as follows:
1. From the main navigation menu in AMC, click General Settings, and then click Edit in the Licensing area. The Manage Licenses page appears.
2. Click Import License.
3. In the License file box, type the path for the license file you retrieved from your MySonicWALL account, or click Browse to locate it.
4. Click Upload, and then apply the change by clicking the Pending changes link in the upper-right corner. Note: When you upload a Spike License, the countdown of the number of days it is valid begins once you
activate it and apply the pending change in AMC. Don’t click the Activate link until you are ready to start using the Spike License.
_____________________ Last updated: 7/23/2010
SonicWALL Aventail E-Class SRA EX-Series 10.5.1 Release
232-001895-00 Rev A
7
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use