Security

last person joined: 10 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Need to know how to update Clearpass Appliance

This thread has been viewed 18 times
  • 1.  Need to know how to update Clearpass Appliance

    Posted Jul 12, 2021 02:27 PM

    Hello,

    We got an Aruba Clearpass Appliance in version 6.9.3.130657
    We were recently noticed by our Security Team that this version got a vulnerability and that we would need to update it from the current version to the version 6.9.6.
    We will do an offline update.
    We checked how to do an update in the same major version on this page Updating Within the Same Major Version


    But it is not clarified if there is a path to follow between 6.9.3.130657 and 6.9.6
    Like for example 6.9.3.130657>6.9.4>6.9.5>6.9.6
    Is there a way to know it ?
    Also, do we need to backup the current configuration in version 6.9.3.130657 and to restore it after updating to 6.9.6, will the configuration be erased ?
    We would need to know how to properly restore a configuration from a backup file.

    Downloading the image of the version 6.9.6 from http://support.arubanetworks.com we got two .tar files, one big file and one hotfix
    If it is needed to follow the path 6.9.3.130657>6.9.4>6.9.5>6.9.6, should we install hotfixes for all intermediate patches before updating from a patch to another ?

    We would need to know what is the easiest way to roll back from one patch to another. Is it the way indicated on the page After You Update: Performing a Patch Rollback ?

    Is it the same command line to roll back from one hotfix to another than from one patch to another ?

    Thanks much in advance for your help and your time.

    Best Regards



    ------------------------------
    Julien KALUZINSKI
    ------------------------------


  • 2.  RE: Need to know how to update Clearpass Appliance

    Posted Jul 13, 2021 07:24 AM
    Hi Julien,

    You can patch directly to the latest patch release of the same major version, for example 6.9.0 to 6.9.6. If there are any hotfixes for 6.9.6 you install that one afterwards on top of the 6.9.6 release.

    You can download the software from asp.arubanetworks.com

    Upgrade the publisher first, after reboot and online again upgrade the subscribers one by one.

    Create a vmware snapshot for fast recovery (if its hypervisor based installation).
    Create a configuration backup in the GUI from publishere and subscriber
    Export your RADIUS/HTTPS certificates, just in case...
    Disable automatic cluster failover (if enabled).

    Hope this helps.

    ------------------------------
    Marcel Koedijk | MVP Guru 2021 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opionions are my own
    ------------------------------



  • 3.  RE: Need to know how to update Clearpass Appliance

    Posted Jul 15, 2021 06:18 AM
    Hello mkk,

    Thanks for your help
    FYI we only have one appliance that we back up everyday, it is not a cluster.
    So I think that means I can update it directly to 6.9.6 and then install the hotfix.

    Best Regards

    ------------------------------
    Julien KALUZINSKI
    ------------------------------



  • 4.  RE: Need to know how to update Clearpass Appliance

    Posted Jul 15, 2021 07:11 AM
    Hi Julien,

    Thats correct.

    Before upgrade:
    • Make a VMware Snapshot for fast recovery
    • A configuration backup from the webgui for worst case issues
    • Export your HTTPS/RADIUS certificates before upgrading incase you need them for disaster recovery
    • Keep installation documents, licenses and support information by hand in case you will need them.

    ------------------------------
    Marcel Koedijk | MVP Guru 2021 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opionions are my own
    ------------------------------