Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
850 Views 7 Replies Latest reply: Apr 22, 2013 3:11 AM by speed_do RSS
speed_do Newcomer 4 posts since
Apr 19, 2013
Currently Being Moderated

Apr 19, 2013 2:57 AM

Patch & Software Upgrade

Hi All,

 

One of the customers is planning to upgrade their firewalls, from 8.2.1P03 to 8.2.1P07, they own a firewall cluster, (s4016 in HA)

 

As newbie in MFE, I would like to know if somebody can help me.

 

If we apply the patch from 8.2.1P03  to 8.2.1.P07, and for some reason the customer needs  to go back to 8.2.1P03 from 8.2.1P07. What should I need to do?

 

I understand that 8.2.1P07 is uninstallable, so in order for going back from 8.2.1P07 to 8.2.1P03 is it as simple as uninstall the installed patch 8.2.1P07 and reboot? and the firewall comes up with the previous installed version and Patch?

 

Thank you,

 

 

 

 

Another one.

 

If customer is running 8.2.1P07 and wants to install version 8.3, once it is installed the 8.3 version what is the procedure from going back from 8.3 to 8.2.1P07. Is it as simple as uninstall the version 8.3 from the admin console and reboot and the firewall comes up whith the previos version installed?

 

thank you,

  • oreeh Apprentice 76 posts since
    Nov 24, 2009
    Currently Being Moderated
    1. Apr 19, 2013 5:53 AM (in response to speed_do)
    Re: Patch & Software Upgrade

    You can not uninstall a pacth that is flagged as  "uninstallable".

     

    If you want to get rid of one of those you have to either restore a full backup or reimage the firewall and restore a configuration backup.

  • oreeh Apprentice 76 posts since
    Nov 24, 2009
    Currently Being Moderated
    3. Apr 19, 2013 6:16 AM (in response to speed_do)
    Re: Patch & Software Upgrade

    > If I uninstall this package 8.2.1P07, and then reboot,does the MFE comes up with the lastest software & pacth installed? (in this case is 8.2.1P03).

     

    yes

  • oreeh Apprentice 76 posts since
    Nov 24, 2009
    Currently Being Moderated
    4. Apr 19, 2013 6:17 AM (in response to oreeh)
    Re: Patch & Software Upgrade

    > You can not uninstall a pacth that is flagged as  "uninstallable".

     

    that should have read "uninstallable = no"

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    Currently Being Moderated
    6. Apr 19, 2013 10:33 AM (in response to speed_do)
    Re: Patch & Software Upgrade

    The firewall has two 'slices' (Systems), two separate instances of the firewall OS.  When the firewall boots, it defaults to the Operational System and runs there.  When the firewall installs a patch, it installs the patch to the Alternate System, in the background.  If the installation fails there, the firewall does not reboot.  If the patch installation is successful, the firewall will reboot and boot to the Alternate System (which has the new patch on it).  This now becomes the Operational System.

     

    In your case it would be like this:

    • Operational system: 8.2.1P03
    • Alternate system: [some other version]
    • Now you install 8.2.1P08.
    • The install completes and the FW reboots to 8.2.1P08.  Version 8.2.1P08 is the Operational System.
    • If you reboot the firewall now and choose Alternate System at the first prompt the firewall will boot to the 8.2.1P03 slice (the previous version).

     

    This is the Rollback feature in the GUI in the Software Management section or 'cf package rollback' on the command-line.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points