Sensor software and signature set upgrade using Manager 9.2

Before you begin

Task

  1. If you have not already done so, download the latest 8.7 signature set from the McAfee Network Security Update Server (Update Server).
    In the Manager, click Manager and select the root admin domain. Then select UpdatingDownload Signature Sets. See the McAfee Network Security Platform Product Guide for step-by-step information on how to download the signature set. For a list of currently supported protocols, see KB61036 at mysupport.mcafee.com. Do not push the signature set to your Sensors at this point; it will be sent with the Sensor software in step 8.
    Note: If you are using the Advanced Callback Detection feature, make sure you have downloaded the latest callback detectors to the Manager. See McAfee Network Security Platform Product Guide for the details on downloading callback detectors.
  2. If you had created McAfee custom attacks in the previous version of the Manager, verify that those attacks are present in the Custom Attack Editor.
  3. Download the most recent 9.2 Sensor software images from the Update Server onto the Manager.
    1. Click Manager and select the root admin domain. Then select UpdatingDownload Device Software.
    2. Select the applicable Sensor software version from the Software Available for Download section and click Download.
  4. To push the Sensor software to your Sensors, select Devices<Admin Domain Name>GlobalDeploy Device Software.
    The Deploy Device Software page is displayed.
  5. Select the New Version to be downloaded to the Sensor.
    Download Software to Devices page


  6. To select a Sensor for update, select the checkboxes (for the specific Sensor) in the Upgrade column.
  7. For the corresponding Sensors, select the checkboxes (for the specific Sensor) in the Reboot column.
  8. Click the Upgrade button to initiate the process.
    Note: This will push the signature set as well as the software to the Sensors.
    Signature set update could fail because of Snort custom attacks that contain unsupported PCRE constructs. In such cases, the Incompatible custom attack fault is raised in the Status page.
  9. Wait for the push to complete.
    This process takes at least 5 minutes. To know when the process is complete, log on to the Sensor and look for the following status by using the downloadstatus CLI command:
    • Last Upgrade Status: Good
    • Last Update Time: (Time should reflect when the push is complete)

    You will be prompted to reboot the Sensor upon completion of the Sensor software upgrade.

  10. Once the reboot process is complete, verify that the Sensor's operational status is up; and that it comes up with the latest software version as well as latest signature set.
    1. Click the Devices tab.
    2. Select the domain from the Domain drop-down list.
    3. On the left pane, click the Devices tab.
    4. Select the device from the Device drop-down list and click Summary.
    • Use the Performance Charts to verify the performance of the Sensors.

      This is to make sure the upgrade was successful. For information on how to check Sensor performance from Performance Charts, see McAfee Network Security Platform Product Guide.

    Important: If you have a failover pair configured, both the Sensors forming the pair should be running on the same Sensor software version. See Updating Sensor software in a failover pair.