Can i do straight upgrade ? No
Do i need to reboot firewall after upgrade? Yes, several times (after each update step)
During upgrade will it allow traffic to pass? Yes, until the reboot
Will any config will change with this upgrade. Changes might be needed due to updates in policy validation. See the release notes.
In summary: You should have a maintenance window for this.
Please take a look at the release notes for each version, you can find them from the knowledge center:
The upgrade path will be:
8.3.0 > 8.3.1 > 8.3.2 > 8.3.2P03 > 8.3.2P06
Here some links to the release notes:
Firewall Enterprise 8.3.1 Release Notes
Page 12 and following:
Upgrade a firewall to version 8.3.1
• Your firewall must be at version 8.3.0 to upgrade to version 8.3.1.
Firewall Enterprise 8.3.2 Release Notes
Page 12 and following:
Upgrade a firewall
Before you begin
• Your firewall must be at version 8.3.1.
Firewall Enterprise 8.3.2P03 Release Notes (PD25205)
Firewall Enterprise 8.3.2P06 Release Notes
To bring your firewall to version 8.3.2P06, follow the patch installation process appropriate for your
Before you begin The firewall must be at version 8.3.2P03.
Thanks for explaining me in detail.
Can you please tell me one more thing first i download the software from MCafee website to hard disk in firewall right?
Then whem i install it does it gets installed in flash memory?
How can i check the free disk space from CLI ?
Upgrades are downloaded and applied via the Firewall Administration console (or using the 'cf package' commands from the command line).
You need to make sure that the Firewall's maintenance license is valid. If it has expired then the process will not work. If you go to Maintenance -> Software Management and click on the "Check for updates" button, the Firewall will establish a connection with the McAfee download repository and will then display a list of all qualifying packages in the main body of the GUI. Note - you will only see those updates relevant to your current base version. So, if you are currently at 8.3.0 you will not see any 8.3.2 packages. Once you have upgraded to 8.3.1, repeat the "check for updates" process and the GUI will display a new list of packages. When you get to 8.3.2, and you check again then the 8.3.2P06 package should appear in the list.
Volker has given you the upgrade path in his response. I admit, I was always advised to upgrade to the latest patch version of the base release before moving to the next version increment, but Volker has indicated that if you are on 8.3.0 you can go straight to 8.3.1 and then on to 8.3.2 before then applying 8.3.2P06.
This process is covered in the manual, but higlight the package in the list and click the "download" button. Once downloaded you will then be able to install the package.
It is always advisable to take a configuration backup first. Backups are version specific, so each time you apply a new package take a fresh backup and keep a copy on your local workstation just in case. Then if something goes disastrously wrong you can take the original installation media, re-image the appliance, upgrade to the correct patch level and then restore the backup. However, the Firewall software is stored on two separate disk partitions. Upgrades are applied to the dormant partition and then the firewall re-boots to this slice (effectively making the orginal live slice the dormant one). If for any reason the upgrade process fails to complete, the system sticks with the existing partition leaving you exactly where you were before you tried to perform the upgrade.
Many thanks Phil