Setup guide
14 In the CLI, follow the output of the show manager log command. After you see the maintenance-fs-cleanup: Filesystem cleanup successful message, log in to the vShield Manager user interface. The upgrade process restarts the vShield Manager service, so you might lose connectivity to the vShield Manager user interface. None of the other vShield components are restarted.
15 Log in to the CLI of the vShield Manager, switch to enable mode, and run the show filesystems command to ensure there is at least 2.5 GB free space for the upgrade.
Upgrade vShield Manager to Version 5.1 or Later
Procedure
1 Download the vShield upgrade bundle to a location to which vShield Manager can browse. The name of the upgrade bundle file is something like VMware-vShield-Manager-upgrade_bundle-buildNumber.tar.gz.
2 From the vShield Manager inventory panel, click Settings & Reports.
3 Click the Updates tab.
4 Click Upload Settings.
5 Click Browse and select the VMware-vShield-Manager-upgrade_bundle-buildNumber.tar.gz file.
6 Click Open.
7 Click Upload Upgrade Bundle.
8 Click Install to begin the upgrade process.
9 Click Confirm Install. The upgrade process reboots vShield Manager, so you might lose connectivity to
the vShield Manager user interface. None of the other vShield components are rebooted.
10 After the reboot, log back in to the vShield Manager and click the Updates tab. The Installed Release
panel displays version 5.1.2 that you just installed.
vShield App rules from the previous release are upgraded as described below.
Firewall feature in prior version: Firewall rules allowed at datacenter, cluster, and port group levels
Result of upgrade to version 5.1: Firewall rules allowed at namespace level - datacenter, port group with independent name space, and virtual wire levels. After upgrade, firewall rules from non-namespace contexts are moved to corresponding datacenter. Migrated rules are merged with datacenter rules in the following order:
- datacenter high
- cluster
- Non-namespace port group or dvport group
- datacenter low
- datacenter default

Firewall feature in prior version: Firewall rules supported raw IP and MAC addresses as well as port-protocol and protocol-subtype
Result of upgrade to version 5.1: Firewall rules support only IPsets, MACsets, and security groups. After upgrade, IPset, MACset, or service is internally created as appropriate. The names of the created containers follow these naming conventions:
- IPset/MACset: ip/macValue-contextName
- Service: protocolName-portNumber-contextName or protocolName-subtypeName-contextName
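The following sketch is an added example, not VMware code: it predicts the merged datacenter rule order and the generated container names described above, so the result can be compared with the rule set seen after the upgrade. The rule dictionaries, field names, and the assumption that contextName is the rule's original context are hypothetical.

```python
# Added illustration; the rule dictionaries and field names are hypothetical,
# not a vShield export format.
MERGE_ORDER = [
    "datacenter high",
    "cluster",
    "port group",  # non-namespace port group or dvport group
    "datacenter low",
    "datacenter default",
]

def ipset_name(value, context):
    # Documented convention: ip/macValue-contextName
    return f"{value}-{context}"

def service_name(protocol, port_or_subtype, context):
    # Documented convention: protocolName-portNumber-contextName
    # or protocolName-subtypeName-contextName
    return f"{protocol}-{port_or_subtype}-{context}"

def predict_upgrade(rules):
    """Return the expected datacenter rule list after the upgrade."""
    unknown = [r["name"] for r in rules if r["section"] not in MERGE_ORDER]
    if unknown:
        raise ValueError(f"rules with unknown section: {unknown}")
    # sorted() is stable, so rules keep their relative order within a section.
    merged = sorted(rules, key=lambda r: MERGE_ORDER.index(r["section"]))
    return [
        {
            "name": r["name"],
            "source": ipset_name(r["src_ip"], r["context"]),
            "service": service_name(r["protocol"], r["port"], r["context"]),
            "action": r["action"],
        }
        for r in merged
    ]

# Constructed sample rules, deliberately listed out of merge order.
SAMPLE_RULES = [
    {"name": "allow-web", "section": "datacenter low", "context": "DC1", "src_ip": "10.0.0.5", "protocol": "TCP", "port": 80, "action": "allow"},
    {"name": "block-telnet", "section": "cluster", "context": "ClusterA", "src_ip": "10.0.1.7", "protocol": "TCP", "port": 23, "action": "block"},
    {"name": "pg-ssh", "section": "port group", "context": "PG-Web", "src_ip": "10.0.2.9", "protocol": "TCP", "port": 22, "action": "allow"},
    {"name": "dc-admin", "section": "datacenter high", "context": "DC1", "src_ip": "10.0.0.2", "protocol": "ICMP", "port": "echo-request", "action": "allow"},
]

if __name__ == "__main__":
    for rule in predict_upgrade(SAMPLE_RULES):
        print(rule)
```

A rule that changes position relative to this prediction, or a container whose name does not match, is worth reviewing before the upgraded firewall is relied on.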
Chapter 6 Upgrading vShield
VMware, Inc.