cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cronus.lin
Level 7
Report Inappropriate Content
Message 1 of 4
‎02-22-2021 09:18 PM

upgrade MWG from v7.8 to v9.2

Hi all

We plan to upgrade MWG v7.8 to v9.2.8 and I have some questions.

1. I check some documents and found MWG 8.2.0 and later include the replacement for the
McAfee Network Driver (MFEND), it means Proxy HA behavior changes after v8.2.0.
So I test upgrading in my lab. Unit 1 and unit 2 are in the mode HA proxy with the same version v7.8.I upgrade unit2 from v7.8 to v9.2.8 directly. After upgrading unit 2,I changed priority of unit 1 to 70 and priority of unit 2 is 80. I found owner of virtual IP was still unit1. If I can't HA switch with changing priority, service will be impacted during updating. Is there any additional step I have to do?

2.Is there a step that I can following to upgrade MWG from v7.8 to new version and makes no service
impact during updating?

0 Kudos
Reply
3 Replies
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎02-22-2021 11:46 PM

Re: upgrade MWG from v7.8 to v9.2

Hello,

in general, this should work.

1) not sure what exactly happens but I guess that proxy HA mode is improperly configured and therefore there are communication errors causing this. Normally, you can transfer VIP and then remove port redirects and make sure that backup node does not receive any traffic. Then you can upgrade and do same vice versa.

2) Our best practices about upgrading are described here in this KB:
https://kc.mcafee.com/corporate/index?page=content&id=KB89192

Further, if you need another details for proxy HA mode config with haproxy, we have 2 KB articles and 2 community articles (which do contain clear example configuration with IP addresses):

KB:
https://kc.mcafee.com/corporate/index?page=content&id=KB91848
https://kc.mcafee.com/corporate/index?page=content&id=KB91849

Community:
https://community.mcafee.com/t5/Enterprise-Documents/Example-Proxy-HA-configuration-using-HAProxy-mf...
https://community.mcafee.com/t5/Enterprise-Documents/Example-Transparent-Proxy-configuration-using-H...

If all this does not help and you still encounter the issue, please create a feedback file from each node and open a ticket with that so that support can check.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
0 Kudos
Reply
cronus.lin
Level 7
Report Inappropriate Content
Message 3 of 4
‎03-02-2021 01:48 AM

Re: upgrade MWG from v7.8 to v9.2

Hi mkutrieba

This is my setting.

MWG1 192.168.52.61/24 VIP 192.168.52.63/32 VRRP 51 priority 90

MWG2 192.168.52.62/24 VIP 192.168.52.63/32 VRRP 51 priority 80

Before I upgrade MWG2, MWG2 could become active unit when I adjust priority to 70 on MWG1.

This step is to make sure VRRP is working before upgrade.

I upgrade MWG2 from 7.8 to 9.2 first, it means the active unit is MWG1.

After upgrading MWG2 successfully,  I can't make MWG2 to become active by changing priority.

I tried to add configuration of scanner on MWG2 and it didn't work.

What configuration should I check or add after I upgrade one unit to 9.2 so that VRRP could work fine between v7.8 and v9.2?

 

 

0 Kudos
Reply
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4
‎03-02-2021 02:45 AM

Re: upgrade MWG from v7.8 to v9.2

Hello,

based on this I cannot help much, but it sounds like proxy HA configuration still needs to adjusted as MFEND got replaced with haproxy where configuration changes (scanner table entries, change listener from 0.0.0.0:port to MWGIP:port and so one) are mandatory to get it back to work.

I suggest to create a feedback file and then open a ticket and PM me the SR number, then I will take it over, analyse the file and come back to you via ticket.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC