Nortel 6000 Series Manual

Switched firewall

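NORTEL SWITCHED FIREWALL 6000 Series
Software Release 4.2.3

1. Release Summary
Release Date: August 2008
Purpose: Software maintenance release to address customer software issues.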
2. Important Notes Before Upgrading to This Release
Upgrade to 4.2.3 is supported from 4.1.1 or later versions. 4.2.3 requires 500 Mbytes of free space on
the /isd partition. To check the available free space, log in as root, run "df -H /isd" and look under the
"Avail" column. If you do not have enough free space, you will get an error saying "Failed to unpack
software..." when you try to download the .pkg file.
If there is not enough free space for the upgrade, export the current configuration using
"/cfg/ptcfg", do a clean install from CD, and then import the configuration using "/cfg/gtcfg". When a
configuration exported from 4.0.2 or below is imported into 4.1.1, you will lose all configured static
routes. Please see Q01158579 on how to recover the static routes.
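The free-space check described above as a script. This is an added example, not part of the Nortel readme: the function names and the sample df output are constructed for illustration. It assumes the director's df accepts the POSIX "-P -k" options (used instead of "-H" so the value is a plain number) and reads 500 Mbytes conservatively as 500 MiB.

```shell
#!/bin/sh
# Added example: pre-upgrade free-space check for the /isd partition.
# Assumption: "500 Mbytes" is read conservatively as 500 MiB (512000 KiB).
REQUIRED_KB=$((500 * 1024))

# Print the available KiB for the given mount point, reading `df -P -k`
# output on stdin. Returns 1 if no row is mounted exactly on that path,
# which catches the case where df reports the parent filesystem instead.
avail_kb_for_mount() {
    awk -v mnt="$1" '
        NR > 1 && $6 == mnt { print $4; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Return 0 if the df output on stdin shows enough space on /isd,
# 1 if there is too little, 2 if /isd does not appear as a mount point.
check_isd_space() {
    kb=$(avail_kb_for_mount /isd) || return 2
    [ "$kb" -ge "$REQUIRED_KB" ]
}

# Constructed sample output (not captured from a real director).
SAMPLE_OK='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/hda1 2063504 412700 1545984 22% /
/dev/hda3 4127076 1032000 2885428 27% /isd'
SAMPLE_LOW='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/hda3 4127076 3800000 117428 98% /isd'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_OK" | check_isd_space \
    && echo "sample 1: enough free space on /isd"
printf '%s\n' "$SAMPLE_LOW" | check_isd_space \
    || echo "sample 2: not enough free space, expect 'Failed to unpack software...'"

# On the director itself (as root) the live check would be:
#   df -P -k /isd | check_isd_space && echo "OK to download the .pkg file"
```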
When upgrading from 4.0.x to 4.2.3, please keep the following things in mind. 4.2.3 is a combined
L2/L3 firewall. If you have multiple ports in the same VLAN, the default behavior of 4.2.3 is to apply
the firewall policy to traffic that is bridged between the ports. This is different from the 4.0.x behavior,
which applied the firewall policy only to routed traffic. If you would like to keep the 4.0.x behavior,
please disable L2 firewall processing on these VLANs using the "/cfg/net/vlan <n>/l2fw" CLI item
after upgrade. After upgrade from 4.0.x, please make sure the accelerators are configured by running
"/info/det". If an error is reported, please see Q01157140 to recover.
For information on CRs Q01158579 and Q01157140, please refer to the 4.1.x Readme.
The upgrade procedure is the same as described in the "Procedure to upgrade from CLI" section of the
4.2.2 Readme.
Hitless Upgrade
If you have a high availability setup, consisting of 2 accelerators and 2 or more directors, you can
upgrade the cluster with virtually no downtime. To start the hitless upgrade process, please use
"/boot/software/hitless/activate" command from CLI. For hitless upgrade to work smoothly, make
sure the following conditions are met.
• Both the active and backup accelerators should have all the network links up.
• Do not disconnect any network cables or reboot any accelerator or director while hitless upgrade is
in progress.
Hitless upgrade works by upgrading one side of the cluster first, then failing over traffic to that side and
upgrading the other side. Hitless upgrade will pause after upgrading one side and wait for you to re-
establish the trust and push the policy to the upgraded side before failing over to that side. Stateful
©2007-2008 Nortel Networks Limited

Summary of Contents for Nortel 6000 Series

  • Page 1 NORTEL SWITCHED FIREWALL 6000 Series Software Release 4.2.3 1. Release Summary Release Date: August 2008 Purpose: Software maintenance release to address customer software issues. 2. Important Notes Before Upgrading to This Release Upgrade to 4.2.3 is supported from 4.1.1 or later versions. 4.2.3 requires 500 Mbytes free space on the /isd partition.
  • Page 2: Platforms Supported

    NSF Accelerator 6600 EB1639130(E5) NSF Director 5016 EB1639131(E5) NSF Director 5026 Supported Check Point applications Nortel Switched Firewall 6000 Series 4.2.3 supports the following *Check Point applications: • Firewall-1® • VPN-1® • SmartDefense™ • NAT • Authentication • Content Security •...
  • Page 3 The same issue does not occur when the preferred is set to fiber and the backup to copper. Also, the issue is not seen with dedicated fiber ports. The issue is resolved in release 4.2.3 by not using the manual port settings when autoneg is set to ON.
  • Page 4 The maximum upload file size from BBI is set to 160MB, which is far less than the actual size of the 4.2.2 package. This issue is resolved in release 4.2.3 by raising the maximum allowable size of the package from the previous 160MB to 300MB.
  • Page 5 This issue is resolved by checking the return type from the FDB lookup. If it returns a trunk ID, a hash is calculated on all the trunk ports, and the egress port is selected based on it.
  • Page 6 SFDs. But synchronization is not done for all services; for example, Nortel recommends turning OFF sync for services like http. In this case the behavior stated would cause the termination of the sessions, which is not an expected behavior.
  • Page 7 For other known issues, please refer to the product release notes and technical documentation available from the Nortel Technical Support web site at: http://www.nortel.com/support. Copyright © 2007 Nortel Networks Limited - All Rights Reserved. Nortel, Nortel Networks, the Nortel logo, Globemark, and Alteon are trademarks of Nortel Networks Limited.
  • Page 8 NORTEL SWITCHED FIREWALL 6000 Series Software Release 4.2.2 Release Summary Release Date : June 2008 Purpose : Software maintenance release to address customer software issues. Important Notes Before Upgrading to This Release Upgrade to 4.2.2 is supported from 4.0.1 or later versions. 4.2.2 requires 500 MBytes free space on the /isd partition.
  • Page 9 (4.2.2) can now be activated using “/boot/software/activate”. This should be done only in one SFD. The activation process will upgrade both the Nortel software and the Check Point software to the same version as a clean install from the CD. Each SFD will reboot twice (if it is a HA setup) during the upgrade process: once after the upgrade of Nortel software and again for sync to start.
  • Page 10 Upgrade to 4.2.2 from any previous version is not supported through BBI. Only CLI upgrade is supported Platforms Supported Hardware Platforms Supported MODEL # EB1639173(E5) Nortel Switched Firewall system 6416 EB1639174(E5) Nortel Switched Firewall System 6616 EB1639067(E5) + EB1639131(E5) Nortel Switched Firewall System 6426...
  • Page 11 NSF Accelerator 6600 EB1639130(E5) NSF Director 5016 EB1639131(E5) NSF Director 5026 Supported Check Point applications Nortel Switched Firewall 6000 Series 4.2.2 supports the following *Check Point applications: • Firewall-1® • VPN-1® • SmartDefense™ • NAT • Authentication • Content Security •...
  • Page 12 & backup settings. The issue is caused by an invalid update of the dual port's flag status by the MP. This issue is applicable to SFA model 6600 only. This issue is fixed in the 4.2.2 release by correctly updating the flag status with the configured port settings.
  • Page 13 Q01880948 When multiple gateways are configured in NSF, the following issues occur. 1. When more than one default gateway is configured and the metric is changed, duplicate gateways are added to the Accelerator's routing table. 2. The default gateway is duplicated in the isd routing table
  • Page 14 For other known issues, please refer to the product release notes and technical documentation available from the Nortel Technical Support web site at: http://www.nortel.com/support. Copyright © 2007 Nortel Networks Limited - All Rights Reserved. Nortel, Nortel Networks, the Nortel logo, Globemark, and Alteon are trademarks of Nortel Networks Limited.