cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 9
‎07-15-2022 12:58 PM

Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

Looking at the Upgrade documenation provided in the Installation Guide and the Best Practices KB (KB76905), for this and there are a few unanswered questions. 

Possibly someone here can answer some of these questions. 

We have a 2 node Environment usig Centeral Management.

Should you upgrade the primary node or the secondary node first?

After removing an appliance from Central Management, does the node still in Central management then handle the production Web traffic?

After a node is upgraded, do you add it back to Central Management before removing the 2nd node?

I am not sure what else I could be missing with this. Thanks!

Stewart
0 Kudos
Reply
1 Solution

Accepted Solutions
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 9
‎07-29-2022 05:57 AM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

Upgrade was completed 

Lessons learned from the upgrade.

  1. Once removed from cluster and upgraded the node cannot be moved back to the cluster as when attempted you get a version mismatch error and the add will not proceed.
  2. After removing a node from the Cluster, the now independent node will still field Web traffic. Tests confirm the now independent node showed traffic handling in  Troubleshooting > Rule tracing central.  (This may be due to our configuration using WCCP and no changes to firewall rules in our organization were changed).
  3. My observation is that the MWG Cluster serves an administrative function and policy function, but has no bearing on traffic (that I observed).
  4. Internet connectivity or traffic was always available during the process and at no point in time during upgrade of secondary or primary nodes was there an interruption perceived via testing.
Stewart

View solution in original post

Reply
8 Replies
Jimmy
Employee
Employee
Report Inappropriate Content
Message 2 of 9
‎07-17-2022 09:41 PM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

Assume we have node A(primary) and B(secondary), as well as a VIP, in a cluster.

- Remove B from the cluster, then upgrade as a standalone unit
- While A and the VIP continue to serve web traffic
- Confirm B is not affected by the upgrade, then upgrade A (You can redirect proxy traffic to B to minimize downtime)
- B rejoins the cluster

0 Kudos
Reply
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 9
‎07-18-2022 05:52 AM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

Just to add info to my orginal configuration information, we are using WCCP, I am not sure how that works with the redirection between nodes noted in your reply. 

One other question, what is a typical amount of time for an upgrade?  15 minutes, 30 minutes 1 hour or more?  Thanks,

Stewart
0 Kudos
Reply
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 9
‎07-18-2022 06:47 AM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

One other question. 

For Change Control, there must be a process included for recovery in the event there is an issue.

What is the process for recovery if the Upgrade fails?

Stewart
0 Kudos
Reply
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 9
‎07-18-2022 12:18 PM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

I have confirmed with support that B node can be added back after upgrade before Primary node A is updated. (not recommended for long term). The Primary can be upgraded at that point and the secondary will handle the Web traffic while the Primary is upgraded. 

Stewart
0 Kudos
Reply
Jimmy
Employee
Employee
Report Inappropriate Content
Message 6 of 9
‎07-18-2022 04:47 PM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

https://kcm.trellix.com/corporate/index?page=content&id=KB89192

 

Check out this article for more information on scenario upgrades and time frames. The upgrade process uses Yum package manager.

 

 

0 Kudos
Reply
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 9
‎07-19-2022 04:22 AM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

I had not found KB89192. Nice. 

But I had found KB76905. The way it reads, you do not put the updated nodes back in the cluster until after the Primary left in Central Management is Upgraded. (Step 7) I had asked Support if that was true, as I was worried that with no working nodes in CM, we would lose Internet Web activity during the primary upgrade.  Support indicated that to maintain Traffic the Secondary could be added back before upgrading the primary, to ensure that the secondary would be handling the Web traffic. 

 

 

Stewart
0 Kudos
Reply
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 9
‎07-19-2022 04:38 AM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

I have one other question about this. 

My boss believes our Cluster is Active/Passive. I believe it is Active/Active. How to confirm how they are responding?

Stewart
0 Kudos
Reply
User27605043
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 9
‎07-29-2022 05:57 AM

Re: Upgrade of MWG from 9.2.10 to 10.2.11

Jump to solution

Upgrade was completed 

Lessons learned from the upgrade.

  1. Once removed from cluster and upgraded the node cannot be moved back to the cluster as when attempted you get a version mismatch error and the add will not proceed.
  2. After removing a node from the Cluster, the now independent node will still field Web traffic. Tests confirm the now independent node showed traffic handling in  Troubleshooting > Rule tracing central.  (This may be due to our configuration using WCCP and no changes to firewall rules in our organization were changed).
  3. My observation is that the MWG Cluster serves an administrative function and policy function, but has no bearing on traffic (that I observed).
  4. Internet connectivity or traffic was always available during the process and at no point in time during upgrade of secondary or primary nodes was there an interruption perceived via testing.
Stewart
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC