Upgrade/migration prerequisites

Before you start the upgrade/migration to A32.00 with CentOS 7, ensure that your system complies with the prerequisites below.

Minimum ASMS version required for the upgrade/migration

AlgoSec's upgrade/migration process to A32.00 with CentOS 7 is supported only from ASMS A30.00 and A30.10.

If you have an ASMS version earlier than A30.00, you must first perform any upgrades required to get to A30.00 or A30.10. For details, see the upgrade procedure in the Installation and Setup Guide for A30.00 or any other version you are upgrading to. These guides are available from the AlgoSec portal.

Note: Prerequisites and upgrade procedures will differ, depending on your system version.

Note: If FireFlow is currently disabled but in the past FireFlow was run on your system: If you have legacy FireFlow data on your system from a version earlier than A30.00, this data will be automatically deleted during the upgrade/migration. To retain this data, contact AlgoSec before upgrading.

  1. First, upgrade from 6.11 to 2018.2. Use the procedure in the 2018.2 Installation and Setup Guide.
  2. Then, upgrade again from 2018.2 to 30.10. For more details, see Upgrade your system for the relevant version.

Back to top

Supported deployments per architecture structure

See Supported deployments per architecture structure.

Back to top

Increased system requirements in ASMS A32.00

System optimizations in version A32.00 require additional CPU and memory specifications.

See Hardware minimum requirements.

Back to top

Disk space requirements

  1. 5 GB of disk space is required per partition (OS and data) on all appliances (not including the target node):

    • If less than 5 GB of disk space is found, the upgrade process aborts.

    • If there is less than 10 GB of disk space found (total), the upgrade process presents a warning and enables you to choose whether to continue or not.

      To cancel and run the upgrade later, enter n at the confirmation prompt.

  2. Total free disk space on source server must be more than the monitor data directory size (to get monitor data directory size, from the command line run :

    du -sh /home/afa/algosec/monitor/.

Back to top

Migration target system requirements

See CentOS 7 migration target.

Back to top

AutoDiscovery requirements

In previous versions, AutoDiscovery was managed, licensed, and installed separately from ASMS. In A32.00, AutoDiscovery is installed as part of ASMS. The AutoDiscovery server is hosted on a dedicated Remote Agent node that does not manage AFA devices.

Note: ASMS A32.00 only connects to the new A32.00 AutoDiscovery server, not with the old one.

See AutoDiscovery server system requirements.

Back to top

Licensing requirements

A migration license is required for the new migration target machine. See Migration target license .

Back to top

Downtime requirements

Upgrading will entail a certain amount of downtime depending on the number and types of advanced server configuration options you have in your system topology.

Based on your system, the migration can be done in one or more maintenance windows.

Tip: Using A32.00 build files you can perform prerequisites checks at the start the upgrade process including viewing the runtime estimation.

The following diagram shows the upgrade & migration timeline including the estimated time to do the various activities. Actual time will vary based on the size and complexity of your system.

  • Running bulk sync of reports before the first maintenance window significantly shortens the amount of downtime required.
  • If your system includes Geographic distributions, you can upgrade your whole system in one maintenance window, or you can stagger migration of Remote Agents to future maintenance windows. This is because Remote Agents running CentOS 6 can continue working with Central Managers running CentOS 7 (with the limitation that upgrades and hotfixes are disabled in hybrid CentOS 6/7 systems).

To see the migration timeline based on your system, click the boxes below to select the node types that make up your system architecture.

Back to top

Device level prerequisites

Fortinet FortiManager devices

FortiManager versions earlier than 5.2.3 are not supported. Upgrade to version 5.2.3 or above before the upgrade/migration.

For versions 5.2.3 and above, connection via SSH/SOAP is no longer supported. Before the upgrade/migration, move to REST and then analyze the device.

Back to top

Recommended upgrade prerequisites

VisualFlow recommendations for upgrades

Upgrading VisualFlow overwrites any un‐applied workflow drafts and discards all un‐applied changes.

If you have un‐applied workflow changes in VisualFlow, we recommend that you apply them before upgrading so that you don't lose any work.

Back to top