cancel
Showing results for 
Search instead for 
Did you mean: 

Upgrading web gateways in HA cluster

Jump to solution

Hi,

i hope my question will be answered if I post it here..

we need to upgrade our two webgateway nodes, which are in central management and in an HA cluster. I know I have to remove the nodes  from central management in order to upgrade the nodes, but what about the HA config? Can I leave it as it is? Meaning that at one point the nodes will have different software versions.. and will there be a downtime, if I upgrade ond after another?

Thanks

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Upgrading web gateways in HA cluster

Jump to solution

Hi Renata,

In proxy HA you can leave the nodes as is (which will interrupt things) or you can perform the following, which will have minimal interruption.

The idea is that we take old nodes out of service for upgrading, while transitioning new nodes in to service.

1. Identify a redundant director node or scanning node that we will upgrade. Take a backup before beginning as usual.

   a. Remove the "port redirects" under Configuration > Proxies. By removing the port redirects, this node will stop receiving traffic from the director.

   b. Upgrade the node

   c. Once upgraded, add the port redirects back in (that we removed in step 1a.) so node will start receiving traffic again

   d. Leave as standalone, or add into upgraded cluster

2. Now that the redundant director node and scanning nodes are upgraded, we can upgrade the current director node

   a. Adjust the priority to be zero or lower than the redundant director. This will transition traffic from the director node to the redundant director node

   b. Continue with 1a, 1b, 1c, 1d

In between each of these steps I would advise verifying that traffic is passing normally, this way you can easily revert to the last step. Step 2a is where things could go wrong if you don't have a redundant director.

Let me know if this helps. I recently did this with a customer in the middle of the day and it we only lost one ping throughout the process.

Best Regards,

Jon Scholten

5 Replies
McAfee Employee

Re: Upgrading web gateways in HA cluster

Jump to solution

Hi Renata,

In proxy HA you can leave the nodes as is (which will interrupt things) or you can perform the following, which will have minimal interruption.

The idea is that we take old nodes out of service for upgrading, while transitioning new nodes in to service.

1. Identify a redundant director node or scanning node that we will upgrade. Take a backup before beginning as usual.

   a. Remove the "port redirects" under Configuration > Proxies. By removing the port redirects, this node will stop receiving traffic from the director.

   b. Upgrade the node

   c. Once upgraded, add the port redirects back in (that we removed in step 1a.) so node will start receiving traffic again

   d. Leave as standalone, or add into upgraded cluster

2. Now that the redundant director node and scanning nodes are upgraded, we can upgrade the current director node

   a. Adjust the priority to be zero or lower than the redundant director. This will transition traffic from the director node to the redundant director node

   b. Continue with 1a, 1b, 1c, 1d

In between each of these steps I would advise verifying that traffic is passing normally, this way you can easily revert to the last step. Step 2a is where things could go wrong if you don't have a redundant director.

Let me know if this helps. I recently did this with a customer in the middle of the day and it we only lost one ping throughout the process.

Best Regards,

Jon Scholten

mbagheryan
Level 12

Re: Upgrading web gateways in HA cluster

Jump to solution

This is absolutely right as well as I did in my lab.

Cheers.

M. B

0 Kudos

Re: Upgrading web gateways in HA cluster

Jump to solution

Worked! Thanks!

when I started updating one node, some users were complaining, that they were not able to surf-but I think this was a clientsite problem. I guess if the TCP connection to a proxy node, which I've just started to upgrade, was still open, the user had such problems..

Kind regards

McAfee Employee

Re: Upgrading web gateways in HA cluster

Jump to solution

Hi Renata,

Glad it helped!

Best,
Jon

flitcraft33
Level 7

Re: Upgrading web gateways in HA cluster

Jump to solution

Thank you for your help on this. This is exactly the information I  was looking for.

flitcraft33

Dan Sichel

0 Kudos