Upgrade/migrate to A32.00 from a Native Linux server

1. Build your migration target

   Do the following:

   1. Choose your target type. See Choose your migration target appliance type.

   2. Build the target according to target system requirements. See Migration target system requirements

   3. Download upgrade packages from the Portal (Downloads > Software > AlgoSecSecurity Management Suite):

      1. Select Upgrade (All Deployments) and specify A32.00 version with migration to CentOS 7.

         

      2. Click Next. The Upgrade to ASMS A32.00 with Migration to CentOS 7 page appears.

         

      3. Follow steps to download all upgrade packages for all node types at one time. Build numbers must be the same for all the packages you'll use, so downloading all at once ensures that, when you upgrade, you will have everything you need when you need it.

         Tip: Save all packages to a secure location. You will need them later.

         1. Step 1: Download upgrade package for Source Server: Click to download the ASMS A32.00 base package. Click Download Selected.

            Note: The upgrade package consists of four build files:

            • fireflow-3200.0.0-bbb.x86_64.run
            • fa-3200.0.0-bbb.x86_64.run

            • algosec-appliance-3200.0.0-aaa-el6.x86_64.run
            • algosec-appliance-3200.0.0-aaa-el7.x86_64.run
         2. Step 2: Download upgrade package for Target Server: If your Target is a new AlgoSec Hardware Appliance, you can use the base upgrade package you downloaded in step 1.

            Otherwise, based on your Target Server deployment type, download the relevant upgrade package.

         3. Step 3: Download upgrade packages for other nodes: not required.

      1. On Target

         For AlgoSec hardware appliances:

         If your appliance is loaded with ASMS A32.00: Install the base upgrade package you downloaded for the source server. If your appliance is not loaded with ASMS A32.00 (that is, it is loaded with A30.10 or A32.10 or above), either: Load the Repurposed AlgoSec Hardware Appliance image to a flash drive and install in the target machine. See Install ASMS from a bootable flash drive. Then, update the build by installing the ASMS base upgrade package to the same build as the packages you downloaded in step 3. install the Repurposed AlgoSec Hardware Appliance image on the target machine via iLO. See Install ASMS with iLO 5. Then, update the build by installing the ASMS base upgrade package to the same build as the packages you downloaded in step 3.

         For virtual and host based appliances:

         Install the ASMS software package for A32.00 based on deployment type.

   4. For new appliances, follow steps in Deploy standalone appliances (not necessary for repurposed appliances).

   5. For virtual appliances: verify that the newest VMware Tools package version is installed and up-to-date. See Best practices for your AlgoSec VMware Deployment .

   6. Install the valid ASMS migration license on the target machine. See Migration target license . For instructions to install the license, see ASMS licensing.
   7. Verify the required ports are opened between source and target machine. See Required port connections. (In particular see the far right column, Central Manager (or Standalone Server) Migration).

   8. Disable any NAT configuration between source and target machines.

2. Move data to target server using backup/restore

   Note about custom scripts:

   • Before migrating to CentOS 7, all custom scripts should be located in the folder: /usr/share/fireflow/local/etc/site/lib/. If you have customizations placed in other folders, move them to /usr/share/fireflow/local/etc/site/lib/. After the migration, you can return them to their previous locations.
   • If you use custom scripts and other code that was especially made for you by the AlgoSec PS team, we recommend that you check with the AlgoSec before migrating your data to ensure that the codes migrate successfully.

   Do the following:

   1. Copy the upgrade package you saved previously to the /root/AlgoSec_Upgrade/ directory on the source server.

   2. Perform upgrade of Native Linux source:

      1. If you are not already connected to the ASMS Administration interface (algosec_conf), connect now. For details, see Connect to and Utilize the Administration Interface.

      2. From algosec_conf menu, run option 8 - Upgrade software. This upgrades the source to A32.00 (still in CentOS 6).

      3. Enter the IP address and root password of the target machine.

      4. Prerequisite checks are run on both the source and migration target machine. If errors are found, the upgrade procedure is automatically ended. Fix the errors and re-run the process.

   3. When upgrade is completed, perform a backup to the external backup server. See Backup and restore.
   4. Connect migration target to the same backup server.

   5. Perform ASMS restore from the backup server to the migration target. See Backup and restore

   6. If you are using a Syslog:

      • For a local syslog (on the Central Manager) and your target replaces the source as official machine:

        • On Target Reassign the IP address of the replaced source node to the new Central Manager (the target node). See Basic configurations.

        Note: If you do not reassign the IP, on each and every device (each firewall), redirect audit logs/traffic logs to new CM (or standalone server) IP.

      • For external syslog-ng server:
        • Upgrade Java to version 11. See Upgrade external syslog server to Java 11.
   7. If you use AutoDiscovery, migrate it now:

      Note: ASMS A32.00 connects to the new A32.00 AutoDiscovery server only, not to the old one.

      The new A32.00 AutoDiscovery server is hosted on a dedicated Remote Agent node in ASMS. See AutoDiscovery server system requirements.

      Do the following:

      1. Deploy the new AutoDiscovery server. See Deploy the AutoDiscovery server.
      2. Migrate data from the old AutoDiscovery server to the new one. See Migrate data from earlier AutoDiscovery versions.
      3. Redirect your Netflow target to the new AutoDiscovery server IP.
      4. Redefine user roles as part of ASMS. See Configure AutoDiscovery.
      5. Upgrade remote AutoDiscovery sensors, if exist, to A32.00. See Upgrade remote AutoDiscovery sensors.

Back to top

 

â Next steps:

• After the upgrade/migration