KB Article | Forcepoint Support

Problem Description

How can I upgrade the Next Generation Firewall (NGFW) both locally or remotely through Stonesoft Management Center (SMC)?


Note See Article KB9914 on how to upgrade the engine remotely using SSH.

To upgrade an engine remotely through SMC:
  1. Click the System Status icon. The System Status view opens.
  2. Right-click the node you wish to upgrade and select Commands, Go Offline.
  3. Right-click the node and select Upgrade Software.
  4. Select whether you want to transfer the upgrade for later activation, or transfer and activate now.
  5. Verify the node selection and change it, if necessary.
  6. Verify the Engine Upgrade version for the upgrade and change it, if necessary.
  7. Click OK.

    Note If you chose to activate the new configuration, you need to acknowledge a warning that the node will be rebooted. A new tab opens showing the progress of the upgrade.
To upgrade an engine locally using the Engine Installation CD-ROM:
  1. Log on to the node as root and use the password configured for the engine.
    Note You can set the password through the Management Client.
  2. Insert the engine installation CD-ROM into the engine’s CD-ROM drive.
    Newer appliances do not have CD drives. To perform this update, plug an external CD drive into the MEG Appliance's USB port.
  3. Reboot the node from the CD-ROM with the command reboot (recommended) or by cycling the power (if you cannot log in).
    Note If the node does not boot from the CD-ROM, then check whether the CD is listed first in the boot order in BIOS.
    You are prompted to select the upgrade type.
  1. Select 1 to upgrade the current installation and press ENTER to continue. The upgrade process starts.
  2. When the process is finished, remove the CD-ROM and press Enter to reboot.
  3. When the upgrade is finished, right-click the node in the Management Client and select Go Online to command the node online.
    The node can also be brought online with the command sg-cluster online on the node.

To upgrade an engine locally from a ZIP upgrade package:
  1. Log in to the node as root and use the password configured for the engine.
    Note You can set the password through the Management Client.
  2. Insert the USB stick or the CD-ROM containing the upgrade ZIP package.
  3. Run the engine Configuration Wizard:
    Type sg-reconfigure and press Enter.
  4. Using the arrow keys, select Upgrade and press Enter.
  5. Select the source media where the upgrade ZIP file is located.
  6. If you have not already done so, select Calculate SHA1 to calculate the checksum.
    Note The calculation takes some time and the result must be identical to the one from the .zip file.
  7. Select OK. The software upgrade is performed. 
  8. When prompted, press Enter. The firewall will reboot to the new version.

Article Feedback

Thank you for the feedback and comments.