Installation guide
119
Upgrading Engines Remotely
Upgrading Engines Remotely
You can upgrade the engines through the Management Server by importing the upgrade package
manually or automatically. You can then activate the upgrade package or you can transfer the
upgrade package to the engine and activate it separately later, for example, during a break in
service. You can also create a scheduled Task for the remote upgrade as instructed in the
McAfee SMC Administrator’s Guide or in the Management Client Online Help.
During an IPS Cluster, Layer 2 Firewall Cluster, or Master Engine cluster upgrade, it is possible
to have the upgraded nodes online and operational alongside the older version nodes. However,
you must upgrade all the nodes to the same version as soon as possible, as prolonged use with
mismatched versions is not supported.
To upgrade the engine
1. Click the System Status icon. The System Status view opens.
2. If you want to activate the new version immediately, right-click the engine node and select
Commands→Go Offline. A confirmation dialog opens.
3. (Optional) Enter an Audit Comment to be shown in the audit log entry that is generated
when you send the command to the engine.
4. Click Yes.
5. Right-click the engine node and select Upgrade Software. The Remote Upgrade Task
Properties dialog opens.
6. Select the type of Operation you want to perform:
•Remote Upgrade (transfer + activate): install the new software and reboot the node
with the new version of the software.
•Remote Upgrade (transfer): install the new software on the node without an immediate
reboot and activation. The node continues to operate with the currently installed version
until you choose to activate the new version.
•Remote Upgrade (activate): reboot the node and activate the new version of the
software that has been installed earlier.
7. Check the Target node selection and change it, if necessary.
8. Select the correct Engine Upgrade file and click OK. A new tab opens, showing the
progress of the upgrade. The time it takes to upgrade the node varies depending on the
performance of your engine and the network environment. Click Abort if you want to stop
the upgrade.
9. Refresh the policy of the upgraded engine to make sure any possible changes specific to
the new software version are transferred to the engine.
If you chose to activate the new configuration, the engine is automatically rebooted and the
upgraded engine is brought to the online state once the engine is successfully upgraded.
If you are upgrading an IPS Cluster, Layer 2 Firewall Cluster, or Master Engine cluster, we
recommend beginning the upgrade on the next node only when the upgraded node is back
online.
What’s Next?
Upgrade any other engines in the same way.
Otherwise, the upgrade is complete.