Aventail Installation Tech Note ST v /SSL VPN version 8.9.0 Aventail, Aventail Cache Control, Aventail Connect, Aventail Connect Mobile, Aventail Connect Tunnel, Aventail End Point Control, Aventail Management Console, Aventail OnDemand, Aventail OnDemand Tunnel, Aventail Secure Desktop, Aventail Smart Access, Aventail Smart Policy, Aventail Smart SSL VPN, Aventail Smart Tunneling, Aventail ST, Aventail Unified Policy, Aventail WorkPlace, Aventail WorkPlace Mobile, Aventail EX- 750, Aventail EX-1500, Aventail EX-1600, Aventail EX-2500 and their respective logos are trademarks, registered trademarks, or service marks of SonicWALL, Inc. Other product and company names mentioned are the trademarks of their respective owners. Last modified 11/15/2007 11:43 AM
2 SonicWALL Aventail STv/SSL VPN This document describes the process of installing the SonicWALL Aventail STv (v8.9.0) platform update on an Aventail SSL VPN appliance. For a complete list of known issues from previous versions that are fixed in this release, see the Readme file. Notes Update Requirements If you changed the root password from the command-line interface (using the passwd command), it will be reset during the upgrade process. To log in to the appliance after an upgrade, enter the root password as originally specified using Setup Tool. (29312) Advanced EPC, which was new in version 8.8.0, enables you to check for the presence and status of a wide variety of personal firewall, antivirus, and antispyware protection applications. It is licensed separately and includes Aventail Secure Desktop (ASD). If you bought a license for ASD before v8.8.0, device profiles that reference it will continue to work in v8.8.0 and later. One of the following Aventail SSL VPN platform versions must currently be installed on the appliance in order to install the update: v8.8.1-191 v8.8.0-146 v8.7.0-447 v8.6.1-192 To verify the current version: 1. From the main navigation menu in AMC, click System Status. 2. Make sure that the Version number is one of the supported version numbers listed above. Obtaining the Update File from mysonicwall.com The next step is to obtain the update (.zip) file and copy it to the file system of your local computer: 1. In your Web browser, go to https://www.mysonicwall.com/ and log in with your username and password. 2. In the Downloads area, select your EX-series product Type from the drop-down list. 3. In the Available Software list, select the firmware item that corresponds to your appliance. You ll be prompted to download a file named upgrade_8_9_0_<three-digit build number>.zip file to your local computer. The.zip file contains the following files: upgrade_8_9_0_<three-digit build number>.bin (the software update) upgrade_8_9_0_<three-digit build number>.bin.md5 (the checksum for the software update file)
Installation TechNote 3 4. Using a file-extraction program such as WinZip, extract the.bin and.bin.md5 files and save them to your local computer. Note: When saving an.md5 file, a.txt file extension may be appended to the file name. If so, delete the.txt extension so that the file name ends with an.md5 extension. Verify the Downloaded Update File Installing the Update To make sure that the update was successfully transferred to your local computer, compare its checksum against the one in the.md5 file you extracted from the.zip file. To verify the MD5 checksum on your PC, use a Windows- or Java-based utility. Microsoft, for example, offers an unsupported command line utility on their site named File Checksum Integrity Verifier (FCIV): 1. At the DOS command prompt, type the following, which returns a checksum for the downloaded file: fciv <upgrade_filename>.bin 2. Open the associated.md5 file (which you downloaded from the Aventail Web site) using Notepad or another text editor: notepad <upgrade_filename>.bin.md5 3. Compare the two checksums. If they match, you can safely continue with your update. If they differ, try the download again and compare the resulting checksums. If they still don t match, contact Aventail Technical Support. To verify the MD5 checksum directly on your Aventail appliance, follow these steps: 1. Type the following command, which returns a checksum for the downloaded file: md5sum <upgrade_filename>.bin 2. Open the associated.md5 file: cat <upgrade_filename>.md5 3. Compare the two checksums. This section outlines the process of updating your system. Backing Up Your Current Configuration Before updating, you can back up the current configuration data from your appliance using the export feature in AMC. This step is optional, but recommended. 1. From the main AMC navigation menu, click Maintenance. 2. In the System configuration area, click Import/Export. 3. Click the Export button. The Export Configuration page appears, and a File Download dialog box prompts you to open the.aea file or save it to your hard drive. NOTE: On Windows operating systems, Internet Explorer may block the download of the.aea file. To work around this, click the information bar that appears beneath the Internet Explorer Address box, and then click Download File.
4 SonicWALL Aventail STv/SSL VPN 4. Click Save, browse to the correct directory on your hard drive, and then save the.aea file. 5. Click OK on the Export Configuration page to return to the Import/Export page. Installing the Update File Next, install the update through AMC. 1. From the main navigation menu in AMC, click Maintenance. 2. In the System software updates area, click Update. 3. If you have not already downloaded the update file (as described in Obtaining the Update File ), click the Web site link on the Update page in AMC and log in to download the appropriate update file to your local file system. 4. Type the path of the update file or click Browse to locate it. 5. Click Install Update. A file upload status indicator appears. If necessary, you can stop the upload process by clicking Cancel. This step may take several minutes, depending on the network connection speed. After the file upload process is complete, the update is automatically installed on the appliance. You cannot cancel this installation process. After the installation process is complete, the appliance automatically restarts. NOTE: If you changed the root password from the command-line interface (using the passwd command), it will be reset during the upgrade process. To log in to the appliance after an upgrade, enter the root password as originally specified using Setup Tool. (29312) Restoring a Configuration If the installation of the update file is interrupted or fails, restore a saved configuration (creating a backup, as described in Backing Up Your Current Configuration Changes, is highly recommended). To restore a configuration: 1. From the main navigation menu in AMC, click Maintenance. 2. In the System configuration area, click Import/Export. 3. In the File name box, type the path of the appropriate file (AventailSSLVPN- <date>-<nnn>.aea), or click Browse to locate it. 4. Click Import. To activate the imported configuration, you must apply changes. Rolling Back to a Previous Version From AMC, you can undo the most recent update installed on the system. If you experience problems after completing an update, you may want to use this feature to roll back to a known state. Each time you roll back the software image, it removes the most recent system update and restores the version that existed just prior to the update. CAUTION: If you have made any configuration changes since updating the system, rolling back the software image will erase these changes.
Installation TechNote 5 Verifying the Update 1. From the main navigation menu in AMC, click Maintenance. 2. In the System configuration area, click Rollback. 3. To roll back to the version displayed on the Rollback page, click OK. After the rollback process is complete, the appliance automatically restarts and applies the changes. 4. After the appliance restarts, verify the new version number in the bottom-left corner of the AMC home page. After installing the update, verify the current version number in AMC. To verify the current version number: 5. Log in to AMC. Updating a Clustered Pair 6. From the main navigation menu, click System Status and make sure that the update succeeded by verifying that the Version number is 8.9.0-<three-digit build number>. To update the Aventail software in a cluster environment, you must install the update file on each node of the cluster at the same time. There may be some disruption to service when performing the update, so you should schedule it during a maintenance window. For more information on managing a cluster, see the Installation and Administration Guide. Note There is a restriction regarding the cluster interface IP addresses (backplane) used for communication between the two nodes in a cluster: the last octet must be between 1 and 32, inclusive. If your addresses don t meet this criterion, call Aventail Technical Support for a hotfix that will change your addresses without affecting other configuration data. This section describes how to update a cluster. 1. Log in to AMC on both the slave and master nodes. You can do this from one computer and have both AMC windows open at the same time, side by side. 2. Log in to AMC on the first node and then, from the main navigation menu in AMC, click Maintenance. 3. In the System software updates area, click Update. 4. If you have not already downloaded the update file (as described in Obtaining the Update file ), click the Web site link on the Update page in AMC and log in to download the appropriate update file to your local file system. 5. Type the path of the update file or click Browse to locate it. 6. Click Install Update. A file upload status indicator appears. If necessary, you can stop the upload process by clicking Cancel. 7. On the second node click Maintenance in the main navigation menu in AMC. 8. In the System software updates area, click Update.
6 SonicWALL Aventail STv/SSL VPN 9. Type the path of the update file or click Browse to locate it. 10. Click Install Update. A file upload status indicator appears. If necessary, you can stop the upload process by clicking Cancel. 11. Make sure that the update succeeded by verifying in AMC on both nodes that the Version number is 8.9.0-<three-digit build number>.