This document details issues fixed by the Patch 1 for 6.5 LTS version for the Rohde & Schwarz Web Application Firewall.

Revision number: 5a8db76+b6292

Release date: July 27th, 2018

Bug fixes

Bug criticality indicators:

(error): Serious, (warning): Moderate or with workaround, (info): Low or cosmetic.

System

  • (error) DA-9633 Automatic database purge doesn't work
  • (error) DA-9666 Enabling AJP in a tunnel is not working
  • (error) DA-9670 Segfault when using mod_proxy_ajp

Monitor

  • (error) DA-8462 Monitor daemon memory leak
  • (error) DA-8875 Metrics - incorrect values in ApplianceName field

Administration interface (GUI)

  • (error) DA-9652 GUI unreachable after uploading Custom GUI certificate  

Appendix

Installation and Upgrade

Important notice to read before upgrading

  • This update will update security patterns for ICX. Default ICX configurations will be updated but user ICX configurations will not be modified, they need to be manually updated (see Security Updates).   
  • For customers upgrading from version 6.3 or 6.4 and willing to keep their security logs, they can use the log migration assistant documented in the following page: Security logs migration from 6.3 or 6.4 version to 6.5. 
     

     Be ware, ICX logs from 6.3 version and Learning/WAM logs from 6.3/6.4 versions will not be migrated due to major changes. In 6.4 version, the ICX Engine, Learning and WAM nodes has been updated to use the new log system with events (see new log format).  

     

  • Licensing changes:
    • Customers migrating from i-Suite version 5 or rWeb are required to contact their Support Center in order to upgrade the license file
    • As a reminder, a new licensing model is now available and is bound by CPU / RAM limits. Please contact your sales representative for further information.
    • All of JSON & XML features are now WSF licensed but a few exception such as JSON to Table Node.
  • Encryption of x509 private keys on disk is now handled by OpenSSL. Unfortunately, previous encrypted keys won't be supported by OpenSSL and will required to be re-uploaded after migrating to version 6.5

Configuration Backup

Before installing this version, backup any work that is in progress. Go to Management > Backups panel and backup all the configurations then download the backup file.

In case of a virtualization environment, you may also stop the virtual appliance and create a backup (snapshot) of your appliances.

Update procedure 

The following steps describe how to update the product from an version 6.X (inferior to the new version) by using the RSE system.

System requirements: The cluster has to be in a version 6.3 or 6.4 

Warning, an interruption of service will occurred. The selected Box will reboot.

Automatic snapshot

It is no more necessary to create a manual snapshot of the cluster configuration before upgrading to the 6.5 version. This snapshot is automatically created by the Management Console before the upgrade.

  1. Download the RSE file and the Administration Interface from your customer area at: https://my.denyall.com/
    1. for those upgrading from 6.4.x, use the file: RS_Web_Application_Firewall-6.5.0-20180525-release-v6-5-0-aa47ecd+b5834-6.4_to_6.5.rse
    2. for those upgrading from 6.3, use the file: RS_Web_Application_Firewall-6.5.0-20180525-release-v6-5-0-aa47ecd+b5834-6.3_to_6.5.rse
  2. Install the new Administration Interface and connect to the product (for more details see the Installing the Administration Interface page) 
  3. Go to Management > Backups panel and backup all the configurations then download the backup file. In case of a virtualization environment, you may also stop the virtual appliance and create a backup (snapshot) of your appliances
  4. Optional. Go to Management > Snapshots and add a manual snapshot corresponding to the current cluster configuration then download the snapshot file 
  5. Go to Management > System Updates and upload the RSE file
  6. Select the Management Box and click Install
    The Management Box must be updated first, before updating Managed Boxes
  7. Read and confirm the readme

  8. The installation process will automatically restart the Box and the user will be disconnected from the administration interface

  9. Wait for the Box to restart

  10. Repeat stages 5, 6, 7 and 8 for each managed Box, if any

  11. Perform an Apply (with Cold Restart selected) on all the configurations

Uninstall procedure

In order to roll-back to the previous installed version:

Warning, an interruption of service will occurred. The selected Box will reboot.

Snapshot restore

It is mandatory to restore a snapshot after uninstalling a RSE to remove all incompatible configurations that may persists on your environment.

  1. Go to Management > System Updates
  2. Start by uninstalling managed Boxes. Select a managed Box and click Uninstall. The Box will reboot automatically
  3. Repeat stage 2 for all managed Boxes of the cluster
  4. Repeat stage 2 for the Management Box. The uninstall process will automatically restart the Box and the user will be disconnected from the administration interface
  5. Wait for the Box to restart then log into the Management Box with the administration interface corresponding to the version
  6. Restore the latest snapshot or backup corresponding to the version
  7. Perform an Apply (with Cold Restart selected) on all the configurations

You can also restore previous snapshots in case of a virtualization environment.


  • No labels