Sensor software upgrade — Manager versus TFTP server

As indicated in the previous section, the Sensor software can be updated either from the Manager or through a TFTP server. However, if the Sensors are deployed inline in your production network, McAfee recommends updating the Sensor software using the Manager for a major upgrade (for example, from 8.1 to 9.2.)

When updating a Sensor from the Manager interface, both the Sensor software and the signature set are bundled together and transferred to the Sensor. The Sensor updates its Sensor software image, and saves the bundled signature set. When the Sensor is rebooted, it deletes the old Signature Set, and applies the saved signature set that was received along with the Sensor software image.

When updating a Sensor through TFTP, only the Sensor software is transferred to the Sensor. Once the Sensor software update is complete, reboot the Sensor. On reboot, the Sensor deletes the currently loaded signature set, and contacts the Manager for the latest signature set. Until the Sensor receives the signature set from the Manager, the Sensor cannot process traffic and raise alerts.

There will be a Sensor downtime during the Sensor software upgrade process. The downtime is longer in case of an upgrade using TFTP [when compared to using the Manager] due to the additional time required to download the signature set.

Note: Fail-open kits reduce the downtime impact of reboot considerably.