we are running 7.0.4 now in our organization, but we have to plan to upgrade it to MEG 7.5.1, so i want to know about the common issues during upgradation and after upgradation, because i have to keep ready myself for every disaster.. And i shoul be able to show my management about the common issues, time and all other things which i can face during upgradation.
Also i have to add in this question, what will be about the performance of MEG 7.5.1 after upgradation, because MEG 7.0.4 performance base is very good.
Needs your comments on all drawbacks and advantages after upgradation.
I have recently upgraded MEG appliances from 7.0.2 / 7.0.4 to 7.5.1.
# Upgrade method:
There is no option to just update the appliances with a patch, so an "Full Upgrade mode" installation will be performed if you want to keep your configuration, reporting database, quarantaine, etc.
When you start the upgrade process you will receive a message that "an attempt will be made to keep information already stored on the appliance". A bit scary because no guarantee can be made that all data will be kept.
But both upgrades went fine and all data was still available.
# Issues during upgrade
We had 2 issues after upgrading:
- Our imported public TLS certicate was lost. Reimporting the certificate solved this. (the private key of the certificate wasn't exportable, so the upgrade proces did not insert that one probably)
- We are managing our appliances by an ePO server. There was no way to reconnect them back to the ePO server after the upgrade. This was caused by a identical line in the file "threshold.xml". Thanks to McAfee support it was solved within 1 hour.
I don't think everybody will run into this issue and that this was just a one time error due to corrupt policies.
# Issues after upgrade
We have seen a couple of issues after the upgrade. Mostly related to TLS. Therefor we are now going to upgrade them to 7.5.2. There are some improvements for that part of functionality.
The issues were:
- Not all external recipients are supporting TLS v1.2. We received outbound e-mail bounce messages like "554 Certificate rejected over TLS (Wrong cipher returned)" See KB79366 en KB78818 for more information.
- Time outs during sending e-mail with TLS. This is caused because McAfee uses SSLv2 to start the "Hello Client" part of the TLS connection. And when the recipient does not accept SSLv2 (because it's an older insecure protocol) a time-out occurs. See KB79384 for more information.
I did not see any performance impact before, during or after the upgrade. The both (physical) appliances still have more then enough resources available.
The administration portal seems to be some faster, and they really improved the reporting database. Where a previously did not want to click on "Search" because it took a lot of time to load, I now have result within a couple of seconds (with selecting a time period e.g..)
Before you are upgrading your appliance, be sure to:
- Read the upgrade manual for prerequisites and installation steps for your specific environment
- Backup your appliance configuration,
- Create a resque image
- Optional: backup your ePO configuration
- Disable your Inbound SMTP connections (keep in mind this will cause downtime if you did not have a clustered enviroment of failback server configured)
- Be sure to run the media validation check during the upgrade
Enjoy your upgrade!
Any questions? Let me know!