Upgrading to 4.6.3 for TLS 1.2
Enforcing TLS 1.2 requires that the following steps be followed in strict order for upgrade to succeed. Additional steps for TLS 1.2 compatibility are marked in bold.
- Remove /etc/yum.repos.d/accelops* and Run “yum update” on Collectors, Worker(s), Supervisor and to get all TLS 1.2 related libraries up to date. Follow this yum update order Collectors Worker(s)
- If your environment has a collector and it is running AccelOps 4.5.2 or earlier (with JDK 1.7), then first patch the Collector for TLS 1.2 compatibility (see here). This step is not required for Collectors running AccelOps 4.6.1 or later.
- Pre-upgrade step for upgrading Supervisor: Stop FortiSIEM (previously AccelOps) processes all Workers by running “phtools –stop ALL”.
Collectors can be up and running. This is to avoid build up of report files.
- Upgrade Supervisor following usual steps.
- If your environment has Worker nodes, Upgrade Workers following usual steps.
- If your environment has AccelOps Windows Agents, then upgrade Windows Agent Manager from 1.1 to 2.0. Note there are special pre-upgrade steps to enable TLS 1.2 (see here).
- If your environment has Collectors, upgrade Collectors following usual steps.
Setting Up the Image Server for Collector Upgrades
If you want to upgrade a multi-tenant deployment that includes Collectors, you must set up and then specify an image server that will be used as a repository for the Collector upgrade files. You can use a standard HTTP server for this purpose, but there is a preferred directory structure for the server. These instruction describe how to set up that structure, and then add a reference to the image server in your Supervisor node.
Setting Up the Image Server Directories
- Log into the image server with Admin rights.
- Create the directory images/collector/upgrade.
- Download the latest collector image upgrade file from https://images.FortiSIEM.net/upgrade/offline/co/latest4/ to images/collector/u
- Untar the file.
- Test the image server locations by entering one of the following addresses into a browser:
Setting the Image Server in the Supervisor
- Log in to your Supervisor node.
- Go to Admin > General Settings > System.
- Under Image Server, enter the URL or IP address for your image server.
- Enter the authentication credentials for your image server.
- Click Save.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!