This content has been marked as final. Show 6 replies
the latest available versions are:
For the ISM, the upgrade path is:
ISM: 22.214.171.124 --> 126.96.36.199 --> 188.8.131.52 --> 184.108.40.206
For the Sensor, you run into trouble as the several images you need are not available for download from the menshen site. So either you are lucky and they are alread on your ISM, or I would recommend you to netboot the sensors. Another option is to open a case with McAfee support as they can provide the images.
For the netboot process, please consult document ID 614385 at http://knowledge.mcafee.com
Also, for future references, I would recommend you to read the release notes for the different version released. You can find them at the McAfee Knowledge Base:
1/ Browse to http://knowledge.mcafee.com
2/ Under the 'Useful Links' section click on 'Product Documentation'. A pop-up window will open.
3/ Click on Intrushield Manager Software --> Intrushield Manager Software 4.1
On the relase notes look for the point 'Installation, upgrade, and usage best practices', which will indicate you the minimum version required to upgrade.
Many thanks for your detailed answer.
In fact I succeeded to upgrade my ISM following the upgrade path: 220.127.116.11 --> 18.104.22.168 --> 22.214.171.124
Then I tried to upgrade one of my sensor following this path: 126.96.36.199 --> 188.8.131.52 --> 184.108.40.206 --> 220.127.116.11
Then it was the nightmare !!!
Why you will ask me!
Because I was stupid enough to think that the 18.104.22.168 version I found was closed enough to the 22.214.171.124 to upgrade to 126.96.36.199!!!
Don't laugh too loud please, I've got a headache right now :p
In fact the correct upgrade path is 188.8.131.52 --> 184.108.40.206 --> 220.127.116.11 --> 18.104.22.168
Then I tried to downgrade directly to 22.214.171.124. Big big mistake sad (again!).
The nightmare became more intensive! All my ports B went down, no fail open any more except when I shutdown the appliance.
Many thanks dsf_v for the link to the netboot procedure but I still have some questions:
In fact I have a cluster of IPS. The Active one is working fine and the passive one is shutdown. The passive one is the "victim" of my stupidity :D.
My ISM is running 126.96.36.199. I think the manager is correct and I don't want to suffer by downgrading it.
Is my configuration can run correctly with my ISM in 188.8.131.52 and my sensors in 184.108.40.206???
I'm pretty sure that I have to netboot my passive IPS but what is the best way to proceed?
Stay in 220.127.116.11 or move directly with the netboot to 18.104.22.168?
Will my ISM in 22.214.171.124 and my sensors in 126.96.36.199 work fine together?
McAfee's Support told me that if I can't find the 188.8.131.52 version on menshen.intruvert.com, I won't find it anywhere :(.
Do I have to netboot my passive IPS first and then my active one or the reverse order???
Many thanks for your great input.
I can see you are having fun!! ;)
The ISM on the 184.108.40.206 managing sensors on 220.127.116.11 should not be a problem at all. However I would really recommend you to netboot the sensor to 18.104.22.168.
As you can see on the documentation, ISM 22.214.171.124. and IPS 126.96.36.199 are designed to work together.
Regarding the response you got from McAfee Support, it is obviously the ISM admin's job to keep up to date. I know they could provide them versions but in your case you don't really need them. Netboot the sensors.
1/ Netboot secondary sensor to 188.8.131.52
2/ Redirect traffic to secondary sensor
3/ Netboot primary sensor
4/ You are up to date on supported versions.
5/ Start looking at the 5.1 documentation :)
I am sure this will work ;)
I just wanted to add.... make sure your sensors are on 'layer2 mode on'. Any software problem they will go into layer2 bypass mode that should save you a lot of trouble...
You can send the sensor to layer2 mode with the command:
layer2 mode assert
To ga back to 'normal mode':
layer2 mode deassert
hopefully you are member of this forum!!
I'm quite disappointed by the McAfee's support. I just had one guy on the phone and he told me "it should be fine if you upgrade directly from 184.108.40.206 to 220.127.116.11"! :eek:
I've never worked with a support closing tickets so fast and providing so few answers!!!:mad:
I am more confident in your advices than in the vendor's ones. :cool:
By now my "defective" sensor is shut (failopen mode). I will do the netboot process this saturday.
It is really strange when I power up my sensor and when the software is loaded, I have really weird issues. Trafic that shouldn't pass through the IPS is impacted !!!
I let you know when I will have the force to fix up everything :D
in fact, I was able to identify the cause of our problem.
The Giga Optical Bypass switch failed so we are waiting for McAfee to change it. I'm pretty sure they won't be able to respect the SLA!
Anyway, Netboot procedure is very easy to follow as long as you test it once.