Page tree
Skip to end of metadata
Go to start of metadata

This document details changes introduced by the 6.5.2 - Patch 1 LTS version for the R&S®Web Application Firewall.

This version is a LTS (Long Term Support).

Revision number: a27ef0079b4922d2fe5b26154524c9478bce9e13

Release date: April 2ed, 2019

Reminder of the LTS/LVS concepts:

  • Long term support (LTS): these releases are maintained and supported for at least 3 years. They include no new features. Bug fixes and security patches will be issued approximately once a quarter. They are thoroughly tested and should be used in production environments.
  • Last version support (LVS): these versions include new features and improvements. Bug fixes and security patches issued approximately twice a year. While they go through our Quality Assurance process, they should be used in production environments with caution.

Bug fixes

Bug criticality indicators:

(error): Serious, (warning): Moderate or with workaround, (info): Low or cosmetic.

PriorityIssue keySummary
(error)WAF-1301

Reverse Proxy segmentation fault using SHM Datastore Set node with many concurrent connections

Appendix

Installation and Update

Notes before update

Changes and known issues

If the update jumps more than one version (6.5.0 to 6.5.2 for example), we recommend you to read previous release notes to see changes and known issues.

For patch update, known issues will be listed in the release note from the same version as the patch.

For more details see: R&S®Web Application Firewall Release notes

Kibana customization

Custom dashboards, visualization and searches in Kibana have to be exported before the upgrade. As we improve dashboards and visualizations through versions, the entire Kibana configuration is erased by the new version after the upgrade.

Configuration can be exported in the Management > Saved Objects menu. Exported configurations can be restored after the upgrade. For more details see Logs visualization with Kibana.

Configuration Backup

Before installing this version, backup any work that is in progress. Go to Management > Backups panel and backup all the configurations then download the backup file.

In case of a virtualization environment, you may also stop the virtual appliance and create a backup (snapshot) of your appliances.

Installation procedure

For new users, we recommend to read our Get started guide to install the product.

Follow the steps hereunder to install this version of Rohde & Schwarz WAF:
  1. Download the ISO file and the Administration Interface from the customer area at: https://my.denyall.com/ 
  2. Install the product on an appliance, virtual machine or in a cloud provider. The installation is described in the Installing from ISO page
  3. Log into the TUI (Text User Interface) and set the role: Management or Managed (for more details see the Initializing the Management and Managed mode page)
  4. Repeat stages 2 and 3 for each Managed appliance, if there are any
  5. Install and connect to the Administration Interface (for more details see the Installing the Administration Interface page)
    It will be asked to temporary or permanently accept the certificate from the Management appliance (for more details see the Connection certificates page)
  6. If there are any, add Managed appliances to the cluster. Go to Setup > Boxes > Add
  7. Create request on https://my.denyall.com/ to retrieve the license. The serial number (Service Tag) of the appliance will be needed (It can be found in Setup > Boxes > Licenses, select a Box and click View). For more details, see the Request and assign a WAF license page
  8. Upload license(s) in the Setup > Boxes > Licenses panel
  9. Perform an apply of all configurations to verify that all Boxes are responding well
  10. If any backup from 5.x or 6.x, you can restore them in the Management > Backups panel

  11. Then perform an apply (with Cold Restart selected) on all the configurations

Update procedure with RSE

The following steps describe how to update the product from a version 6.5.X (inferior to the new version) by using the RSE system.

System requirements: The cluster has to be in 6.5.0 version or upper. To update in the 6.5.0 version, see Release Notes 6.5.0.

Warning, an interruption of service will occurred. The selected Box will reboot.

Automatic snapshot

It is no more necessary to create a manual snapshot of the cluster configuration before upgrading to the 6.5 version. This snapshot is automatically created by the Management Console before the upgrade.

  1. Download the RSE file and the Administration Interface from your customer area at: https://my.denyall.com/
  2. Install the new Administration Interface and connect to the product (for more details see the Installing the Administration Interface page) 
  3. Go to Management > Backups panel and backup all the configurations then download the backup file. In case of a virtualization environment, you may also stop the virtual appliance and create a backup (snapshot) of your appliances
  4. Optional. Go to Management > Snapshots and add a manual snapshot corresponding to the current cluster configuration then download the snapshot file 
  5. Go to Management > System Updates and upload the RSE file
  6. Select the Management Box and click Install
    The Management Box must be updated first, before updating Managed Boxes
  7. Read and confirm the readme

  8. The installation process will automatically restart the Box and the user will be disconnected from the administration interface

  9. Wait for the Box to restart

  10. (Only for upgrades from R&S®Web Application Firewall 6.5.0) Reconnect on GUI and change the password to match new password policy. It is recommended to also change the TUI password for dashell user at this time.
  11. Repeat stages 5, 6, 7 and 8 for each managed Box, if any

  12. Perform an Apply (with Cold Restart selected) on all the configurations

At the next connection after the update, it will be asked to temporary or permanently accept the certificate from the Management appliance (for more details see the Connection certificates page).

Update procedure with patch RSE

The following steps describe how to apply a patch on the product by using the RSE system.

System requirements: The cluster has to be in the same version as the patch.

Warning, an short interruption of service will occurred. The product services will restart (not reboot).

  1. Download the patch RSE file and the Administration Interface from your customer area at: https://my.denyall.com/
  2. Install the new Administration Interface and connect to the product (for more details see the Installing the Administration Interface page) 
  3. Go to Management > Backups panel and backup all the configurations then download the backup file. In case of a virtualization environment, you may also stop the virtual appliance and create a backup (snapshot) of your appliances
  4. Optional. Go to Management > Snapshots and add a manual snapshot corresponding to the current cluster configuration then download the snapshot file 
  5. Go to Management > System Updates and upload the patch RSE file
  6. Select the Management Box and click Install
    The Management Box must be updated first, before updating Managed Boxes
  7. Read and confirm the readme

  8. The installation process will automatically restart the product services and the user will be disconnected from the administration interface

  9. Wait for the product to restart

  10. Repeat stages 5, 6, 7 and 8 for each managed Box, if any

  11. Perform an Apply (with Cold Restart selected) on all the configurations


Uninstallation

In order to roll-back to the previous installed version:
  1. Go to Management > System Updates

  2. Start by uninstalling Managed boxes. Select a managed Box and click Uninstall. The Box will reboot automatically.

    Warning, an interruption of service will occur. The selected Box will reboot.

  3. Repeat stage 2 for all managed Boxes of the cluster.
  4. Below 6.5.1 version: while uninstalling a Managed box to a version below 6.5.1, SSL certificates between Management and Managed won't be recognized any more and you will have to use the functionality "Setup > Global Settings > Disable SSL check peer" to allow to the synchronization of Managed box version on the Management box (this make take up to one minute).

  5. Repeat stage 2 for the Management Box. You may have to refresh the System Updates View after uninstalling managed boxes.

    The uninstall process will automatically restart the Box and the user will be disconnected from the administration interface

  6. Wait for the Box to restart then log into the Management Box with the administration interface corresponding to the version.


  7. Restore the latest snapshot or backup corresponding to the version.

  8. Perform an Apply (with Cold Restart selected) on all the configurations

You can also restore previous snapshots in case of a virtualization environment.

Administration password

The new user password is still needed after uninstalling the RSE. The old password is set back only after restoring the snapshot done before the upgrade and performing an Apply of the cluster.

  • No labels