Articles in this section

See more

Manually Update FireMon Servers

Avatar
Zach Pruitte
  • Updated
Follow

Beginning with FMOS v8.21, updates cannot be applied to systems running a version that is three or more minor versions behind. For example, FMOS v8.21 cannot be installed on a machine that is currently running a version prior to v8.18. If updating from a version that is three (or more) minor versions behind the current version, please contact support@firemon.com to obtain information of a valid update path. During the update process, all FireMon Security Intelligence Platform components will be stopped and connectivity will be terminated. Please consider updating the FireMon server(s) during periods of low product use to minimize the effects of this loss of connectivity.

 

Gathering information from Support and obtaining FMOS ISO Upgrade files

  • To upgrade FMOS server(s), please create a ticket via User Center, noting current FMOS version in the event a tiered upgrade is appropriate, and a FireMon Support engineer will follow-up with appropriate next steps and applicable ISO files.
  • Please provide a list of FMOS server(s) with the roles they hold, to ensure we provide valid upgrade steps based on the current deployment structure. To verify server roles, run the following via CLI, along with the verification for hardware specs on that server. Please provide this along with the FQDN of the server:
more /etc/firemon/fm_roles
fm_roles_command.png

fmos hardware
fmos_hardware.png

df -h
df_command.png

lsblk | grep "sda "
sda.png 

*Based on the information provided, a Health and Architecture Review may be
required to ensure the current environment is compatible with new FMOS versions.
  1.  The ISO file will be provided in the ticket that the customer created, and the customer will place this in /var/tmp on the applicable FMOS server using SCP or an FTP utility (CLI credentials).
  2. At the prompt, the customer will type the following command, replacing <filename> with the name of the ISO file that they downloaded: fmos update <filename>.iso
  3. The customer will be guided through the upgrade process.
  4. The customer will be asked to reboot the server. Type Y at the prompt to start the reboot process.
  5. For a distributed (multi-server) environment please reference the "Distributed Environment" instructions provided below.

 

Before installing any updates - If upgrading between major versions, (such as from 8.24.x -> 8.25.x follow step 1. However, if upgrading between minor versions, (such as from 8.25.8 to 8.25.10), skip to step 2.

1. Export and delete any custom controls and associated assessments you have configured since installing FireMon. To export a control or assessment, select the action icon mceclip0.png to the right of the control/assessment and select 'Export' and save this to a file for use following the upgrade. If you have not created custom controls, no change is required to the default controls or assessments. Once all servers are upgraded, you can import the exported controls by browsing to Administration>Compliance>Controls >import>select the file you exported previously. For Assessments, browse to Administration>Compliance>Assessments>import>>select the file you exported previously. Please create a Support request if you have any questions regarding this control and/or assessment import and functionality testing thereafter.

2. Reference the /var/lib/backup/firemon directory, and ensure the customer has a recent backup and transfer this most recent completed backup to an off-server location. Reference file size to ensure it is completed and consistent with previous backups in that directory. 

Transfer the backup from the server to a secure location using SCP or an FTP utility such as WinSCP or FileZilla (Using CLI Credentials). Please verify the md5 checksum prior to and post transfer to ensure the integrity of the backup (reference md5 command below). *To SCP the backup file to another server:

scp backup_filename username@ServerFQDN:/path/to/StoreFile
scp.png

We do not recommend performing an upgrade unless the customer have a current back-up from the Database server. This will verify file integrity by running an md5 checksum against that backup file.

md5sum backupfilename
md5.png

The customer can begin this backup process manually by running the following command:

fmos backup

The command above will generate a backup in the /var/lib/backup/firemon directory

In case you observe any permission issue in accessing /var/lib/backup/firemon directory than you need to update the user account permission to be a backup operator. You can run fmos user grant-privileges on server CLI and follow the prompt to update the permission. 

Also, It is recommended to generate the backup from the account which has the backup operator permission even though we are creating the backup under /var/tmp directory or any other directory.

For a distributed environment  install the update in the following order. 

  1. Database Server(In case of Multi-DB Setup - First Upgrade Secondary Database Server and then proceed with the Primary Database Server)
  2. Application Server (one at a time if multi-AS)
  3. Data Collector (upgrade simultaneously)


Prerequisite: Prior to upgrading the Database server put the application server(s) into maintenance mode. At the prompt, type the following command: 

fmos maintenance begin
maintenance_begin.png

Once the Database Server is upgraded, take the Application Servers out of Maintenance mode and upgrade (1 at a time if multi-AS environment).

The customer will not need to place the Database or Data Collector servers in maintenance mode.

fmos maintenance end
maintenance_end.png

FOR FMOS v8.25.x or below -fmos update /var/tmp/ISOfilename.iso 
For FMOS v9 - fmos update /var/tmp/filename.gpg 
update2.png

*If reboot does not occur automatically following upgrade, reboot manually
using the command below, and enter 'y' to continue:

fmos reboot
reboot.png

Please note that all servers should be running the same version after the upgrade and all servers in the environment should be upgraded one at a time, with exception to deployments with multiple Data Collectors, as they can be upgraded simultaneously.

 

For a single server environment proceed with the following steps as normal. 

1. Upgrade the single server, with no maintenance mode required, following the prompts as needed.

To update the current FMOS server, complete the following steps after transferring the iso file to /var/tmp on the applicable single server and follow the prompts.

FOR FMOS v8.25.x or below -fmos update /var/tmp/ISOfilename.iso 
For FMOS v9 - fmos update /var/tmp/filename.gpg 
update2.png

*If reboot does not occur automatically following upgrade, reboot manually
using the command below, and enter 'y' to continue:

fmos reboot
reboot.png

 

Related articles

Comments

0 comments

Article is closed for comments.