What is your current version of 8.2.x?
What version of 8.3.X are you moving to?
How are your managers set up? Do you use Central managers? Are your managers in MDR pairs?
What is the volume of alerts in your database?
Do you plan to upgrade your sensors straight after the manager upgrade or separately?
What is the current software version on the sensors and what version are you planning on moving to?
Have you tested your upgrade by restoring a backup onto a test server and making sure the upgrade works?
In answer to your questions
1) The sensors should continue to function, they will hold alert data in memory until it becomes full and then start dropping alert data. (If you're managers are in MDR pairs the secondary manager will take over)
2) The install guide gives details of the recommended backups, A Config Tables backup and an All TAbles backup before and after the upgrade.
3) Test you upgrade. Make sure you know how log it will take, if you will need to run the import scripts after, if you are goign to have any major issues.
Read the release notes / known issues pages for the version you're moving to.
Perform DB Tuning in teh days before the upgrade.
Hi Peter, thanks for the reply and sorry for my late response.
So here are some of the answers:
- Moving from 18.104.22.168 to 22.214.171.124
- I just operate one Manager, no pairs
- Volume of alerts is low, around the few thousands per day (I'm talking about individual events here, but they can be grouped in no more than 30 attack deffinitions)
- I will upgrade my sensors immediately after the Manager
Now in regards to this question: "Have you tested your upgrade by restoring a backup onto a test server and making sure the upgrade works?" What do you mean by it? making a backup of my NSM configuration and restoring it in a test server with NSM installed?
One more question, the Manger has the option to archive IPS Data (Maintenance > Data Archiving > IPS) is this also a good practice on top of backing up the database?
i have performed the upgrade one day ago same as you mentioned above , everything gone smoothly , but i recommend you to keep the sensor running with the old version for a while , and when you see that every thing is going well with your new Manager , the you can proceed upgrading the sensors .
unfortunately i am having problems with the new software :
Historical Alerts Has been Disappeared .
Quarantine page doesn't showing any thing .
Notification problems .
and i am opening a ticket to solve it .
Sorry for not getting back to you sooner, hope this helps.
Yes, I meant building another NSM on your current version of 126.96.36.199 and making sure you can restore an 'All Tables' backup on to it.
Then I would run the upgrade on this server to make sure it works and find out how long it will take to upgrade and run the import scripts after upgrade.
If you haven't already, look at the Upgrade section in the NSM 8.3 Install guide, there is a section on preparing for your upgrade.
Network Security Platform documentation reference guide
Also review the known issues list.
Network Security Platform 8.3.x Known Issues
There have been a couple of hotfix releases since 188.8.131.52, the most recent is 184.108.40.206, you will need to contact support to get a download link.
Network Security Platform 220.127.116.11.1 Manager Hotfix Release Notes
There is no need to upgrade your sensors immediately, if you run into issues after your upgrade and need to go back to the previous version you would then need to downgrade your sensors as well.
Depending on how many sensors you have you might want to upgrade just one of each model to make sure you don't have any issues.