Maybe it would work, but I wouldnt advise doing this.
Seconded. You're replacing one risk with a very different (and unsupported by Mcafee) one.
Probably better to spin up a virtual instance of MWG, import your policy there, do the upgrade and test if you need more assurance.
It's a clever upgrade method and it would be great if vendors like McAfee could actually support upgrades like this, but I susepct it's a hard support problem with the constantly changing set of appliances plus support for virtual. In my experience any group in mcafee that does anything with appliances... it seems like you have to get to a pretty high tier of support before you get to a person who actually has access to any sort of lab and/or has been hands on from a hardware perspective on current hardware appliances.
Hell, I couldn't get one McAfee group (was it NDLP? Can't recall) to so much as have a procedure for Intel's built in IPMI that came included on Intel hardware they started selling in January. No one had a clue. Systemically it seems like Hardwarey stuff is hard for McAfee to support right now, which is a bit ironic given who owns them now. It'd be nice to see that change.
thanks for your estimation.
It´s a pitty we do not have a hardware test appliance, otherwise we would have the chance to try the method myself.
We already installed MWG in VMWare and installed the update successfully. But in VM we do not have multiple physical network devices with bonding. So the VM installation differs a bit from that one in production envrionment.
We are using two boxes in a HA cluster with Central Management, so we will first update one box after suspending from HA cluster. After testing the box we will resume in cluster and do the update on the second box.