pg
U
Secure Remote Access
This document describes the process of installing a platform update on a SonicWALL Aventail E-Class SRA
appliance. The procedure is summarized here and described in more detail b elow:
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
rade Guide
Create a MySonicWALL (www.mysonicwall.com) account, if you don’t already have one. You need an account
in order to register your SonicWALL Aventail SSL VPN.
Note: MySonicWALL registration information is not sold or shared with any other company.
Register your device on MySonicWALL. Registration provides access to essential resources, such as your
license file, firmware updates, documentation, and technical support information.
When you register, you are prompted to enter an authentication code.
Obtain your update file, install it, and verify it.
Updating a clustered pair of SonicWALL Aventail appliances is described at the end of this document. For a
complete list of known issues from previous versions that are fixed in this release, see the Release Notes.
Platform Compatibility
Version 10.0.2 of the SonicWALL Aventail E-Class SRA EX-Series is supported on the following appliances:
SonicWALL Aventail E-Class SRA EX7000
SonicWALL Aventail E-Class SRA EX6000
SonicWALL Aventail E-Class SRA EX-2500
SonicWALL Aventail E-Class SRA EX-1600
SonicWALL Aventail E-Class SRA EX-1500
SonicWALL Aventail E-Class SRA EX-750
Update Requirements
One of the following SonicWALL Aventail EX-Series platform versions must currently be installed on the appliance
in order to install the update. You can import a configuration that you created with any of these releases (including
the beta) into v10.0.2:
v10.x
v9.0x
v8.9x
v8.8.x
A few notes regarding your starting point for the upgrade:
If you installed the beta version of this release (which was labeled v9.5.0), you must revert the firmware on your
appliance to one of the versions listed above before installing the production release of v10.0.2.
The licensing scheme for the E-Class SRA EX-Series changed in v9.0x. If you are upgrading from v8.8 or v8.9
to a later version, you must obtain a new license.
Upgrading from 9.0.x directly to 10.0.2 may fail with a mysql error. If this occurs, upgrade first to 10.0.0 and then
to 10.0.2. For more information, see Knowledge Base Article 7007
To verify the current version:
From the main navigation menu in AMC, click System Status. Make sure that the Version number is one of the
supported version numbers listed above.
.
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
Part number 232-001710-00_Rev_B
Upgrade Guide
Creating a MySonicWALL Account
If you don’t already have a MySonicWALL account, create one by completing an online registration:
1. In your Web browser, go to www.mysonicwall.com.
2. In the User Login section, follow the link for users who are not yet registered.
3. Enter your account information, personal information, and preferences, and then click Submit. Be sure to use a
valid email address.
4. Follow the prompts to finish creating your account. SonicWALL will send a subscription code to the email
address you entered in step 3.
5. When you return to the login screen, log in with your new username and password.
6. Confirm your account by entering the subscription code you received by email.
You have now created and logged into your MySonicWALL account.
Registering Your SonicWALL Aventail E-Class SRA Appliance
To register your appliance, log in to your MySonicWALL account:
1. In your Web browser, go to www.mysonicwall.com and log in with your username and password.
2. Locate your software serial number, which is printed on the back of your SonicWALL Aventail appliance.
3. Enter your serial number, and then click Next. Follow the on-screen instruction s.
4. Confirm your serial number.
5. Enter a name for this appliance.
6. If you are upgrading to v10.0.2 from v8.8 or v8.9, you must also enter an authentication code (how to find the
code is described in the next section).
7. Click Register to continue.
Follow the online prompts to fill out the survey and complete the registration process.
Finding the Authentication Code for Your Appliance
Your authentication code is the hardware identifier for your appliance, and it is displayed in one or two places,
depending on your appliance model:
EX7000 and EX6000: Both your serial number and authentication code are printed on your appliance label;
they are also displayed on the General Settings page in AMC. Skip to the next section.
EX-2500, EX-1600, EX-1500, and EX-750: Your authentication code is the same as the MAC address of the
internal (eth0) network port. If you know how to obtain the MAC address for eth0, you can supply it to the
mySonicWALL.com Web site and proceed to get your license before upgrading the appliance software.
If you are not comfortable doing this, the simplest way to find the code is to first upgrade your appliance to
v10.0.2, and then copy and paste it from AMC. Follow these steps to get the authentication code/MAC address
of your appliance:
1. Install the v10.0.2 upgrade (see the steps in the next section, “Obtaining the Update File from
mySonicWALL.com”).
2. Click General Settings in the main navigation menu in AMC. On an appliance running v10.x, the
authentication code is shown in the Licensing area of that page: copy this code.
3. Log back in to mySonicWALL.com to retrieve your license file: select your appliance, and then paste its
authentication code into the corresponding text box.
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
Part number 232-001710-00_Rev_B
2
Upgrade Guide
Obtaining the Update File from mySonicWALL.com
The next step is to obtain the update file and copy it to the file system of your local computer:
1. In your Web browser, go to www.mysonicwall.com and log in with your username and password.
2. In the Downloads area, select your EX-Series software type from the drop-down list.
3. In the Available Software list, select the firmware item that corresponds to your appliance. You’ll be prompted
to download a file named <part number>_upgrade-<n>_<n>_<n>_<three-digit build number>.bin file to your
local computer.
Verifying the Downloaded Update File
To make sure that the update was successfully transferred to your local compute r, comp are its checksum against
the MD5 checksum information displayed on MySonicWALL.
To verify the MD5 checksum of the upgrade file on a PC, use a Windows- or Java-based utility. Microsoft, for
example, offers an unsupported command-line utility on their site named File Checksum Integrity Verifier (FCIV).
Follow these steps to compare checksums using this utility:
1. At the DOS command prompt, type the following, which returns a checksum for the downloaded file:
fciv <upgrade_filename>.bin
2. Compare the result against the MD5 checksum displayed on MySonicWALL. If they match, you can safely
continue with your update. If they differ, try the download again and compare the resulting checksums. If they
still don’t match, contact Technical Support.
To verify the MD5 checksum directly on your SonicWALL Aventail appliance, type the following command, which
returns a checksum for the downloaded file:
md5sum <upgrade_filename>.bin
Installing the Update
This section outlines the process of updating your system.
Note: Starting in v10.0, you can no longer configure CA eTrust SiteMinder as an authentication server on the
SonicWALL Aventail appliance. If your current configuration includes a SiteMinder server, remove it from your
configuration before you back it up in preparation for installing the v10.0.2 update file, otherwise you will se e an
“Update failed” error message.
Backing Up Your Current Configuration
Before updating, it’s a good idea to back up the current configuration data from your appliance using the export
feature in AMC. This step is optional, but recommended:
1. From the main AMC navigation menu, click Maintenance.
2. In the System configuration area, click Import/Export.
3. Click the Export button. A File Download dialog box prompts you to open the .aea file or save it to your hard
drive.
Note: On Windows operating systems, Internet Explorer may block the download of the .aea file. To work
around this, click the information bar that appears beneath the Internet Explorer Address box, and then click
Download File.
4. Click Save, browse to the correct directory on your hard drive, and then save the .aea file.
5. Click OK on the Export Configuration page to return to the Import/Export page.
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
Part number 232-001710-00_Rev_B
3
Upgrade Guide
Installing the Update File
Next, install the update using AMC:
1. From the main navigation menu in AMC, click Maintenance.
2. In the System software updates area, click Update.
3. If you have not already downloaded the update file (as described in “Obtaining the Update File from
mySonicWALL.com”), click the mySonicWALL.com link and log in to download the appropriate update file to
your local file system.
4. Type the path of the update file or click Browse to locate it.
5. Click Install Update. This step may take several minutes, depending on the network connection speed.
After the file upload process is complete, the update is automatically installed on the appliance. You canno t
cancel this part of the installation process. The appliance automatically restarts when the inst allation is
complete.
6. There are some known issues to be aware of before you start using the appliance:
Connect Tunnel: If access to Connect Tunnel is enabled for an existing community, access continues to
be granted in v10.0.2 after you update by virtue of a policy rule. However, if Connect Tunnel is not an
explicitly allowed access method, the result of migrating to v10.0.2 is that users will be unable to access it. If
this is an issue for your deployment, the way to fix this is to create a Connect Tunnel access rule.
Session Details: If you upgrade your appliance and immediately begin using it, the Session Details page
incorrectly indicates that some requests are being denied (for example, the rule summary might look like
this: "Access to this destination has been rejected by an implicit deny all rule at the end of the Access
Control list"). To work around this issue you need to make sure that you apply at least one other change
after you upgrade and the appliance restarts. Applying just one additional change in AMC will populate the
database with policy IDs [issue 73936].
Password: To log in to the appliance after an upgrade, enter the password you specified when using the
Web-based Setup Wizard or command-line Setup Tool. If you changed the root password using Setup Too l,
it will be reset during the upgrade process [issue 56941].
Restoring a Configuration
If the installation of the update file is interrupted or fails, restore a saved configuration (creating a backup, as
described in “Backing Up Your Current Configuration,” is highly recommended). To restore a configuration:
1. From the main navigation menu in AMC, click Maintenance.
2. In the System configuration area, click Import/Export.
3. In the File name box, type the path of the appropriate file (<appliance_name>-<date>-<nnn>.aea), or click
Browse to locate it.
4. Click Import. To activate the imported configuration, you must apply changes.
Rolling Back to a Previous Version
From AMC, you can undo the most recent update installed on the system. If you experience problems after
completing an update, for example, you may want to use this feature to roll back to a known state. Each time you
roll back the software image, it removes the most recent system update and restores the version that existed ju st
prior to the update.
CAUTION: If you have made any configuration changes since updating the system, rolling back the software image
will erase these changes.
1. From the main navigation menu in AMC, click Maintenance.
2. In the System configuration area, click Rollback.
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
Part number 232-001710-00_Rev_B
4
Upgrade Guide
3. To roll back to the version displayed on the Rollback page, click OK. After the rollback process is complete, the
appliance automatically restarts and applies the changes.
4. After the appliance restarts, verify the new version number in the bottom-left corner of the AMC home page.
Note: To roll back the version on a cluster, you must follow the steps above on both nodes, beginning with the
master node.
Verifying the Update
After installing the update, follow these steps to verify the current version number in AMC:
1. Log in to AMC.
2. From the main navigation menu, click System Status and make sure that the update succeeded by verifying
the Version number:
10.0.2-<three-digit build number>
Updating a Clustered Pair
To update the SonicWALL Aventail software in a cluster environment, you should take both appliances off-line so
that no new user sessions are established:
If you are administering the appliance pair remotely, you can do this by stopping the services on the appliance.
If you have physical access to the appliances, you can stop communication between them by disconnecting the
network crossover cable between the cluster interface adapters.
On each node of the cluster—first on the master node, and then on the slave node—you must install the update file
and import the license file. For more information on managing a cluster, see the Installation and Administration
Guide.
To update a cluster:
1. Log in to AMC on both nodes in the cluster.
2. On the master node, stop the services:
a. In the main navigation menu in AMC, click Services.
b. In the Access services area, click Stop for each of the three services (Network tunnel, Web proxy, and
Aventail WorkPlace).
3. In the main navigation menu in AMC, click Maintenance.
4. In the System software updates area, click Update.
5. If you have not already downloaded the update file (as described in “Obtaining the Update file from
mySonicWALL.com”), click the mySonicWALL.com link and log in to download the appropriate update file to
your local file system. Be sure to match the serial number and authentication code on mySonicWALL.com for
each appliance. The information is displayed on the General Settings page in AMC (click General Settings,
and then look in the Licensing area).
6. Type the path of the update file or click Browse to locate it.
7. Click Install Update. A file upload status indicator appears. If necessary, you can stop the upload process by
clicking Cancel.
8. On the second (slave) node, log in to AMC, and then click Maintenance in the main navigation menu.
9. In the System software updates area, click Update.
10. Type the path of the update file or click Browse to locate it.
11. Click Install Update. A file uploa d status indicator appears. If necessary, you can stop the upload process by
clicking Cancel.
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
Part number 232-001710-00_Rev_B
5
Upgrade Guide
12. The nodes will automatically reboot once the update is installed; services are restored after reboot.
13. Make sure that the update succeeded by verifying on both nodes that the Version number in the lower-left
corner in AMC is:
10.0.2-<three-digit build number>
Importing Your SonicWALL Aventail License
If you are upgrading from v9.0.x to a later version of the firmware, your existing license will work automatically; you
do not need to re-import it. Here are a few situations in which importing a license is necessary:
You have bought a new license.
You are upgrading from a pre-v9.0 version of the SonicWALL Aventail firmware; in this case you must obtain a
new license and import it.
The process for importing a license file is described in detail in the online help for the Aventail Management
Console (AMC). Briefly, the steps are as follows:
1. From the main navigation menu in AMC, click General Settings, and then click Edit in the Licensing area. The
Manage Licenses page appears.
2. Click Import License.
3. In the License file box, type the path for the license file you retrieved from your MySonicWALL account, or click
Browse to locate it.
4. Click Upload, and then apply the change by clicking the Pending changes link in the upper-right corner.
Note: When you upload a Spike License, the countdown of the number of days it is valid begins once you
activate it and apply the pending change in AMC. Don’t click the Activate link until you are ready to start using
it.
_____________________
Last updated: 8/11/2009
SonicWALL Aventail E-Class SRA EX-Series v10.0.2
Part number 232-001710-00_Rev_B
6
Loading...