Juniper Secure Analytics Patch Release Notes

Similar documents
Juniper Secure Analytics Patch Release Notes

Juniper Secure Analytics Patch Release Notes

Juniper Secure Analytics Patch Release Notes

Upgrading STRM to

Juniper Secure Analytics Patch Release Notes

Juniper Secure Analytics Virtual Appliance Installation Guide

NSM Plug-In Users Guide

Juniper Secure Analytics

Troubleshooting Guide

UPGRADING STRM TO R1 PATCH

NSM Plug-In Users Guide

Contrail Release Release Notes

High Availability Guide

STRM Series to JSA Series

Web Device Manager Guide

Release Notes Patch 1

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Subscriber Traffic Redirection

Juniper Secure Analytics

IDP Detector Engine Release Notes

EX2500 Ethernet Switch 3.1 Release Notes

Junos Space. Reports. Release Published: Copyright 2014, Juniper Networks, Inc.

Juniper Secure Analytics Configuring Offboard Storage Guide

Juniper Networks CTPOS Release 7.0R1 Software Release Notes

Juniper Secure Analytics

STRM Administration Guide

JUNOSPHERE RELEASE NOTES

Junos Space Virtual Appliance Installation and Configuration Guide

NSM Plug-In Users Guide

Junos Space Service Now Getting Started Guide

Service Now Getting Started Guide

Juniper Secure Analytics

JUNOSPHERE RELEASE NOTES

Virtual Route Reflector

Junos Space Virtual Appliance Installation and Configuration Guide

Partition Splitting. Release Juniper Secure Analytics. Juniper Networks, Inc.

Intrusion Detection and Prevention IDP 4.1r4 Release Notes

Junos Space Virtual Appliance Installation and Configuration Guide

Installing and Upgrading Avaya Aura System Manager

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Offboard storage. Release Modified: Copyright 2016, Juniper Networks, Inc.

STRM Log Manager Administration Guide

Reconfigure Offboard Storage During a JSA Upgrade

Log & Event Manager UPGRADE GUIDE. Version Last Updated: Thursday, May 25, 2017

IBM Security QRadar Version Upgrade Guide IBM

Third-Party Network Devices with Scripting Service in the SRC Network

Junos Pulse Secure Access Service

Junos Pulse Secure Access Service

Silk Performance Manager Installation and Setup Help

UPGRADE GUIDE. Log & Event Manager. Version 6.4

Installing JSA Using a Bootable USB Flash Drive

Junos Pulse. Client Customization Developer Guide. Release 5.0. Published: Copyright 2013, Juniper Networks, Inc.

Mac OS X Quick Start Guide

Clearswift SECURE Gateway Installation & Getting Started Guide. Version 4.3 Document Revision 1.0

Pulse Secure Desktop Client Release Notes

IBM Security QRadar Version 7 Release 3. Community Edition IBM

WinCollect User Guide

Adaptive Log Exporter Users Guide

Juniper Secure Analytics Quick Start Guide

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

IBM Security QRadar SIEM Version 7.2. Installation Guide

SRX 5600 and SRX 5800 Services Gateway Routing Engine Installation Instructions

SETTING UP A JSA SERVER

One Identity Management Console for Unix 2.5.1

CBA850 3G/4G/LTE Wireless WAN Bridge Application Guide

EX2500 Ethernet Switch 3.0 Release Notes

Performing an ObserveIT Upgrade Using the Interactive Installer

Setting Up the DR Series System as an NFS Target on Amanda Enterprise 3.3.5

Clearspan Hosted Thin Call Center R Release Notes JANUARY 2019 RELEASE NOTES

NetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues.

NN Nortel Communication Server 1000 Linux Platform Base and Applications Installation and Commissioning

Juniper Secure Analytics

APAR PO06620 Installation Instructions

Upgrading the Server Software

Junos Pulse Mobile Security Gateway

IBM Single Sign On for Bluemix Version December Identity Bridge Configuration topics

HySecure Quick Start Guide. HySecure 5.0

Polycom RealPresence Resource Manager System

JSA Common Ports Lists

Junos Space Network Management Platform

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

Security Director. Security Director Installation and Upgrade Guide. Modified: Copyright 2018, Juniper Networks, Inc.

Dell Storage Integration Tools for VMware

Setting Up the Dell DR Series System as an NFS Target on Amanda Enterprise 3.3.5

Subscriber Management in a Wireless Roaming Environment

PCMM Devices in an SRC-Managed Network

Security Director. Security Director Installation and Upgrade Guide. Modified: Copyright 2017, Juniper Networks, Inc.

Junos Pulse Mobile Security Gateway

Security Director. Security Director Installation and Upgrade Guide. Modified: Copyright 2018, Juniper Networks, Inc.

Dell Storage Compellent Integration Tools for VMware

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

vmx Getting Started Guide for Microsoft Azure Release 17.4 Modified: Copyright 2018, Juniper Networks, Inc.

Junos Pulse Access Control Service Release Notes

Bomgar Vault Server Installation Guide

Nortel Quality Monitoring. Maintenance Guide NN

Stealthwatch System Version 6.10.x to Update Guide

Red Hat Virtualization 4.2

Dell DL4300 Appliance Release Notes

EMC Ionix Network Configuration Manager Version 4.1.1

Veritas System Recovery 18 Management Solution Administrator's Guide

Transcription:

Juniper Secure Analytics Patch Release Notes 7.3.0 January 2018 7.3.0.20171205025101 patch resolves several known issues in Juniper Secure Analytics (JSA). Contents Administrator Notes.................................................. 2 Installing 7.3.0 Patch 7................................................ 3 Part 1. Staging Files and Pretesting your Deployment (required)............... 4 Part 2. Installing the JSA 7.3.0 ISO on the Console Appliance................. 6 Part 3. Installing the JSA 7.3.0 ISO on all other Managed Hosts................ 7 Part 4. Installation Wrap-up........................................... 8 Clearing the Cache................................................... 9 Known Issues and Limitations......................................... 10 Resolved Issues..................................................... 10 Feedback............................................ 10 Requesting Technical Support......................................... 10 Self-Help Online Tools and Resources............................... 11 Opening a Case with JTAC......................................... 11 Revision History..................................................... 11 1

JSA Patch Release Notes Administrator Notes About this Upgrade These instructions are intended to assist administrators with updating appliances from JSA 2014.8 to JSA 7.3.0 patch 7 using an ISO file. This ISO can update JSA, JSA Risk Manager, JSA Vulnerability Manager products from 2014.8 to version 7.3.0 Patch 7. These instructions inform administrators how to update their deployment to the latest version. If you have a software installation, need the latest memory requirements, or are making use of off-board storage, it is recommended that you review the Juniper Secure Analytics Upgrading JSA to 7.3.0 Guide to prevent issues. JSA 7.3.0 uses an ISO file to update hosts to the latest software version. A minimum of JSA 2014.8.r2 patch (or later) is required to be able to upgrade to JSA 7.3.0 Patch 7. Each host must be updated individually, this includes HA secondary appliances. 1. This update includes a change to how login authentication works for fallback LDAP, Radius, or Active Directory on administrator accounts. If the external authentication server is unavailable, not all administrators will be able to fall back to their local administrator passwords without a configuration change. This change was implemented in JSA 7.3.0 or later. If you have already address this issue in a previous 7.3.0 update, then this message can be ignored. 2. TLS v1.0 and TLSv1.1 is disabled in this release and connections to the user interface for legacy browsers might be rejected. 3. WinCollect agents at version 7.2.2-2 or older use TLSv1.0 and TLS v1.1 connections to upgrade agents, which is disabled in JSA 7.3.0 (all patch version). Administrators with managed WinCollect agents must upgrade to WinCollect 7.2.5 before installing JSA 7.3.0 Patch 7. WinCollect 7.2.5 is a pre-requisite for JSA 7.3.0. Stand-alone WinCollect agents are not impacted by this requirement. 4. Customized routes or static routes configured manually in JSA are not preserved after the upgrade to JSA 7.3.0 completes. 5. Any iptables rules configured by the administrator should be reviewed and noted for clean up post installation. The interface names have changed in JSA 7.3.0 due to the Red Hat Enterprise 7 operating system updates and administrators who reference interfaces will need to update iptables rules manually. 6. You must be on JSA 2014.8.r2 or later to upgrade to JSA 7.3.0 Patch 7. 7. The upgrade from JSA 7.3.0 will use a.iso file. In the past, support has stated that ISOs are for new appliance installs only, but JSA 7.3.0 is going to be an exception to this rule because of the Red Hat kernel update requirements. 8. Each HA appliance must be updated individually using the ISO file. The SFS file is capable of allowing the primary appliance to update the secondary, but the ISO file does not support this functionality. If you run the ISO setup on an HA primary, you should wait for the update to complete, then run the setup on the HA secondary. 9. There is no patch All option as JSA 7.3.0 uses an ISO file to upgrade. The ISO must be mounted to the appliance and run locally on each host. 2

Installing 7.3.0 Patch 7 10. The 7.3.0 upgrade will take longer than expected due to the kernel changes to Red Hat 7 Enterprise. Early upgrade customers are reporting 2 to 2.5 hours to upgrade the Console appliance. Administrators should be aware of this longer time frame to plan their maintenance windows. 11. Utilities or custom scripts that power users might have created for their JSA deployment should be copied off of the system. During the 7.3.0 update a warning is displayed that only data in /store is going to be preserved. After the appliance reboots, any scripts, 3rd party accounts, or utilities in /tmp, or /, or /root will be deleted. This does not impact ISO files mounted initially using /root as the this clean up only occurs later in the installation procedure. Current JSA Version Upgrades to JSA 7.3.0 Patch 7? JSA 2014.6 (any patch level) or earlier No JSA 2014.7 (any patch level) No JSA 2014.8 No JSA 2014.8.r2 or later Yes, the latest ISO can upgrade directly to JSA 7.3.0 Patch 7. Use these release notes to complete this process. JSA 7.3.0 to JSA 7.3.0 Patch 6 No, JSA 7.3.0 users should use the SFS file to upgrade JSA 7.3.0 systems to JSA 7.3.0 Patch 7. See the JSA 7.3.0 Patch 7 SFS release notes. Installing 7.3.0 Patch 7 on page 3 Part 1. Staging Files and Pretesting your Deployment (required) on page 4 Part 2. Installing the JSA 7.3.0 ISO on the Console Appliance on page 6 Installing 7.3.0 Patch 7 Ensure that you take the following precautions: Back up your data before you begin any software upgrade and verify that you have recent configuration backups that match your existing Console version. If required, take an on demand configuration backup before you begin. For more information about backup and recovery, see the Juniper Secure Analytics Administration Guide. HA appliances should have primaries in the online state and secondary as standby for their HA pair status. If you have off-board storage configured, see the Juniper Secure Analytics Upgrading JSA to 7.3.0 Guide as there are special instructions for administrators with /store using off-board storage. If you installed JSA as a software install using your own hardware, see the Juniper Secure Analytics Upgrading JSA to 7.3.0 Guide for partition information. 3

JSA Patch Release Notes WinCollect 7.2.5 is a pre-requisite for JSA 7.3.0 and all managed agents must be updated. Stand-alone WinCollect agents are not impacted by this requirement. All appliances in the deployment must be at the same software and patch level in the deployment. Verify that all changes are deployed on your appliances. The update cannot install on appliances that have changes that are not deployed. To avoid access errors in your log file, close all open JSA webui sessions. If you are unsure of the IP addresses or hostnames for the appliances in the deployment, run the utility /opt/qradar/support/deployment_info.sh to get a.csv file with information about the JSA deployment. The CSV file will contain a list of IP addresses for each managed host. If you are unsure of how to proceed when reading these instructions or the documentation, it is best to ask before starting your upgrade. If there are messages you do not understand or want to discuss further, you can open an SR with Juniper Customer Support. Administrator Notes on page 2 Part 1. Staging Files and Pretesting your Deployment (required) on page 4 Part 2. Installing the JSA 7.3.0 ISO on the Console Appliance on page 6 Part 1. Staging Files and Pretesting your Deployment (required) It is important that administrators pretest their deployment to ensure that they will not experience unexpected issues when updating to JSA 7.3.0. A pretest is a common precaution that should be taken by all administrators before they install an update to locate potential issues. The pretest does not restart services and can be completed without scheduled downtime. The pretest typically takes between 3 to 5 minutes to complete on each appliance. If for some reason your SSH session is disconnected, you can reconnect to the remote host using screen. The pretest should be completed on all hosts by the administrator before you attempt to upgrade to JSA 7.3.0. 1. Download the JSA 7.3.0 ISO (3.8 GB) from the Juniper Support website. 2. Using SSH, log in to your Console as the root user. 3. Type the following command: screen 4. To make the directory for the update, type: /opt/qradar/support/all_servers.sh -k mkdir -p /media/cdrom umount /media/cdrom" 4

Part 1. Staging Files and Pretesting your Deployment (required) 5. To verify you have enough space (4 GB) in /tmp for the ISO on all appliances, type: /opt/qradar/support/all_servers.sh -k df -h /root /var/log tee diskchecks.txt Best directory option: /root It is available on all appliance types, is the best option to host the ISO file. 2nd best directory option: /var/log This directory is available on all appliances, but there might not be the required space available. DO NOT USE: /tmp, /store/tmp, or /store/transient for your ISO upgrade. These directories are partitioned as part of the upgrade and administrators cannot use them as storage locations or mount points for the ISO file. If the disk check command fails, retype the quotation marks from your terminal, then re-run the command. This command returns the details to both the command window and to a file on the Console named diskchecks.txt. Review this file to ensure that all appliances have at minimum 4 GB of space available in a directory to copy the ISO before attempting to move the file to a managed host. If required, free up disk space on any host that fails to have less that 4 GB available. Reminder: Utilities or custom scripts that administrators have created for JSA should be copied off of the system. During the 7.3.0 update a warning is displayed that only data in /store will be preserved. Therefore, scripts, third party utilities in /tmp, or /, or /root will be deleted during the upgrade. 6. If there is not 4 GB of space in /root or /var/log, the administrator must make directory space for the ISO file. 7. Using WinSCP or SCP, copy the ISO to the /root or /var/log directory on the JSA Console with 4 GB of disk space for the ISO file. 8. To copy the files to all appliances, type: /opt/qradar/support/all_servers.sh -k -p /root/jsa7.3.0.patch7.iso -r /root 9. To mount the ISO on all appliances, type the following command: /opt/qradar/support/all_servers.sh -C -k mount -o loop /root/jsa7.3.0.patch7.iso /media/cdrom" 10. To pretest the Console appliance, type: /media/cdrom/setup -t The pretest output will be written to the command window. Review this output after the pretest completes. 11. Using SSH, open an SSH session to the other appliances in your deployment. JSA Support recommends that all administrators run the pretest on each host to identify issues before the update begins. 12. To pretest the managed host, type: /media/cdrom/setup -t 5

JSA Patch Release Notes Result If an appliance in your deployment fails the pretest, the administrators can take the recommended action from the pretest utility. The issue must be resolved before the update to 7.3.0 begins to prevent downtime for specific appliances. If there are messages you do not understand or want to discuss further, you can open an SR with Juniper Customer Support. Part 2. Installing the JSA 7.3.0 ISO on the Console Appliance on page 6 Part 3. Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 7 Part 4. Installation Wrap-up on page 8 Part 2. Installing the JSA 7.3.0 ISO on the Console Appliance These instructions guide administrators through the process of upgrading an existing JSA install at 2014.8.r2 patch or later to JSA software version 7.3.0. The update on the Console must be completed first, before you attempt to update any managed hosts to JSA 7.3.0. You must complete: Part 1. Staging Files and Pretesting your Deployment (required) on page 4 before you begin the installation steps listed below. 1. Using SSH, log in to the Console as the root user. 2. To run the ISO installer on the Console, type the following command: /media/cdrom/setup NOTE: Upgrading from JSA 2014.8.r2 patch or later to JSA 7.3.0 should take approximately 2 hours on a Console appliance. 3. Wait for the Console primary update to complete. 4. For HA appliances. If you have an HA Secondary, you can now update the secondary appliance. 5. Open an SSH session to the HA Console secondary. 6. Type the following command to update the secondary Console: /media/cdrom/setup 7. Wait for the HA Console secondary to complete the update. Result 6

Part 3. Installing the JSA 7.3.0 ISO on all other Managed Hosts A summary of the ISO installation advises you of any issues. Part 3. Installing the JSA 7.3.0 ISO on all other Managed Hosts on page 7 Part 4. Installation Wrap-up on page 8 Clearing the Cache on page 9 Part 3. Installing the JSA 7.3.0 ISO on all other Managed Hosts After the Console and Console HA secondary are updated to JSA 7.3.0, then the rest of the deployment can updated. There is no order required for updating specific appliance types after the Console is updated. Administrators can update Event Processors, Event Collectors, flow processors in any order. You must open an SSH session to each host to run the setup command. The all_servers.sh utility is not supported for parallel ISO installations. Administrators can start the ISO update in parallel on multiple hosts, if they are not HA pairs. Administrators with appliances that are HA pairs must upgrade the primary appliance first, then the secondary managed host. You must complete: Part 1. Staging Files and Pretesting your Deployment (required) on page 4 before you begin the installation steps listed below. 1. Using SSH, log in to the Console as the root user. 2. Open an SSH session to each managed host and type the following command: /media/cdrom/setup NOTE: Upgrades for managed hosts should take approximately 1.5 hours. 3. Wait for the managed host update to complete. 4. For HA appliances. If you have an HA Secondary, you can now update the secondary appliance. 5. Open an SSH session to the manage host HA secondary. 6. Type the following command to update the secondary: /media/cdrom/setup 7. Wait for the HA Console secondary to complete the update. Result 7

JSA Patch Release Notes A summary of the ISO installation advises you of any issues. If there are no issues, administrators can now run the ISO setup on the Console HA secondary appliance, if you have an HA pair. If you do not have a Console in HA, you can then start SSH sessions to each host and run the setup in parallel. Part 4. Installation Wrap-up on page 8 Clearing the Cache on page 9 Known Issues and Limitations on page 10 Part 4. Installation Wrap-up 1. After all hosts are updated, administrators can send an email to their team to inform them that they will need to clear their browser cache before logging in to the JSA. 2. To unmount the /media/cdrom directory on all hosts, type: /opt/qradar/support/all_servers.sh -C -k umount /media/cdrom" 3. Administrators can delete the ISO from all appliances. 4. Administrators who use WinCollect agents version 7.2.6 or latest must reinstall the SFS file on the JSA Console. This is due to issues were the ISO replaces the SFS on the Console with WinCollect 7.2.5. Once the system is upgrade to 7.3.x, the same version of WinCollect must be reinstalled on the JSA console using the appropriate 7.3 SFS for WinCollect. To install the latest WinCollect SFS on the Console, see the WinCollect release notes. 5. Review any static routes or customized routing. As mentioned in the administrator notes, all routes were removed and will need to be reconfigured after the upgrade completes. 6. Any iptable rules configured should be reviewed as the interface names have changed in JSA 7.3.0 due to the Red Hat Enterprise 7 operating system updates. Any iptables rules that use Red Hat 6 interface naming conventions will need to be updated. Clearing the Cache on page 9 Known Issues and Limitations on page 10 Resolved Issues on page 10 8

Clearing the Cache Clearing the Cache After you install the patch, you must clear your Java cache and your web browser cache before you log into the JSA appliance. Before you begin Ensure that you have only one instance of your browser open. If you have multiple versions of your browser open, the cache might fail to clear. Ensure that the Java Runtime Environment is installed on the desktop system that you use to view the user interface. You can download Java version 1.7 from the Java website: http://java.com/. About this task If you use the Microsoft Windows 7 operating system, the Java icon is typically located under the Programs pane. To clear the cache: 1. Clear your Java cache: a. On your desktop, select Start > Control Panel. b. Double-click the Java icon. c. In the Temporary Internet Files pane, click View. d. On the Java Cache Viewer window, select all Deployment Editor entries. e. Click the Delete icon. f. Click Close. g. Click OK. 2. Open your web browser. 3. Clear the cache of your web browser. If you use the Mozilla Firefox web browser, you must clear the cache in the Microsoft Internet Explorer and Mozilla Firefox web browsers. 4. Log in to JSA. Part 4. Installation Wrap-up on page 8 Known Issues and Limitations on page 10 Resolved Issues on page 10 9

JSA Patch Release Notes Known Issues and Limitations NOTE: None. Part 4. Installation Wrap-up on page 8 Clearing the Cache on page 9 Resolved Issues on page 10 Resolved Issues The following are the resolved issues addressed in the 7.3.0 patch 7: AN ARIEL FILE LOCK ON DELETED FILES CAN CAUSE LOG ACTIVITY SEARCHING TO FAIL AND PREVENT DASHBOARD TIMESERIES LOADING. RESOLVES AN ISSUE WHERE A MISSING DIRECTORY FOR NAT.POST IPTABLES RULES COULD CAUSE APPLICATIONS TO FAIL TO INSTALL WITHOUT WRITING PROPER FAILURE MESSAGES. Part 4. Installation Wrap-up on page 8 Clearing the Cache on page 9 Known Issues and Limitations on page 10 Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods: Online feedback rating system On any page of the Juniper Networks TechLibrary site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at http://www.juniper.net/techpubs/feedback/. E-mail Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable). Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service 10

Requesting Technical Support support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC. JTAC policies For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf. Product warranties For product warranty information, visit http://www.juniper.net/support/warranty/. JTAC hours of operation The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/ Find product documentation: http://www.juniper.net/techpubs/ Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/ Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/ Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/infocenter/ Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/ Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/ To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/ Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone. Use the Case Management tool in the CSC at http://www.juniper.net/cm/. Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). Revision History For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html. January 2018 for the JSA Release 7.3.0 Patch 7 ISO Copyright 2017 Juniper Networks, Inc. All rights reserved. 11

JSA Patch Release Notes Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates in the United States and other countries. All other trademarks may be property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback