1. Release Summary
Release Date: August 2008
Purpose: Software maintenance release to address customer software issues.
2. Important Notes Before Upgrading to This Release
Upgrade to 4.2.3 is supported from 4.1.1 or later versions. 4.2.3 requires 500 Mbytes of free space on the
/isd partition. To check the available free space, log in as root, run "df -H /isd" and look under the
"Avail" column. If you do not have enough free space, you will get an error saying "Failed to unpack
software..." when you try to download the .pkg file.
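A pre-upgrade check for the free-space requirement above, as an added example that is not part of the Nortel release notes. It assumes a POSIX shell with awk is available at the root login; the sample df output, the device names and the script name are constructed.

```sh
#!/bin/sh
# Added example, not vendor code: pre-upgrade free-space check for /isd.
REQUIRED_MB=500   # 4.2.3 requirement stated in these release notes

# avail_mb: read `df -H <mountpoint>` output on stdin, print "Avail" in MB.
# Handles the SI suffixes df -H prints and a long device name that wraps
# the numeric columns onto the next line.
avail_mb() {
    awk '
        NR == 1 { next }                            # skip the header row
        { for (i = 1; i <= NF; i++) f[++n] = $i }   # rejoin wrapped rows
        END {
            if (n < 6) exit 1     # Filesystem Size Used Avail Use% Mount
            v = f[4]; unit = substr(v, length(v)); num = v + 0
            if      (unit == "k") num /= 1000
            else if (unit == "M") num *= 1
            else if (unit == "G") num *= 1000
            else if (unit == "T") num *= 1000000
            else                  num /= 1000000    # bare byte count
            print int(num + 0.5)
        }'
}

# isd_space_ok: exit 0 if Avail >= REQUIRED_MB, 1 if not, 2 if unparseable.
isd_space_ok() {
    mb=$(avail_mb) || return 2
    [ "$mb" -ge "$REQUIRED_MB" ]
}

# Constructed sample outputs (device names and sizes are made up).
sample_ok() {
    printf '%s\n' 'Filesystem      Size  Used Avail Use% Mounted on' \
                  '/dev/hda5       2.1G  1.3G  734M  64% /isd'
}
sample_low_wrapped() {
    printf '%s\n' 'Filesystem      Size  Used Avail Use% Mounted on' \
                  '/dev/mapper/long-device-name' \
                  '                2.1G  1.7G  412M  81% /isd'
}

# Live check on the director (hypothetical script name): sh check_isd.sh --live
if [ "${1:-}" = "--live" ]; then
    if df -H /isd | isd_space_ok; then
        echo "/isd has at least ${REQUIRED_MB} MB free"
    else
        echo "cannot confirm ${REQUIRED_MB} MB free on /isd" >&2
        exit 1
    fi
fi
```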
If there is not enough free space for the upgrade, please export the current configuration using
"/cfg/ptcfg", do a clean install from CD, and then import the configuration using "/cfg/gtcfg". When a
configuration exported from 4.0.2 or below is imported into 4.1.1, you will lose all configured static
routes. Please see Q01158579 on how to recover the static routes.
When upgrading from 4.0.x to 4.2.3, please keep the following in mind. 4.2.3 is a combined
L2/L3 firewall. If you have multiple ports in the same VLAN, the default behavior of 4.2.3 is to apply
the firewall policy to traffic that is bridged between the ports. This is different from the 4.0.x behavior,
which applied the firewall policy only to routed traffic. If you would like to keep the 4.0.x behavior,
please disable L2 firewall processing on these VLANs using the "/cfg/net/vlan <n>/l2fw" CLI item
after the upgrade; traffic bridged between ports in those VLANs will then not be subject to the firewall
policy. After upgrading from 4.0.x, please make sure the accelerators are configured by running
"/info/det". If an error is reported, please see Q01157140 to recover.
For information on CRs Q01158579 and Q01157140, please refer to the 4.1.x Readme.
The upgrade procedure is the same as described in the "Procedure to upgrade from CLI" section of the
4.2.2 Readme.
Hitless Upgrade
If you have a high availability setup consisting of 2 accelerators and 2 or more directors, you can
upgrade the cluster with virtually no downtime. To start the hitless upgrade process, please use the
"/boot/software/hitless/activate" command from the CLI. For hitless upgrade to work smoothly, make
sure the following conditions are met:
• Both the active and backup accelerators should have all the network links up.
• Do not disconnect any network cables or reboot any accelerator or director while hitless upgrade is
in progress.
Hitless upgrade works by upgrading one side of the cluster first, then failing over traffic to that side and
upgrading the other side. Hitless upgrade will pause after upgrading one side and wait for you to
re-establish the trust and push the policy to the upgraded side before failing over to that side. Stateful
©2007-2008 Nortel Networks Limited
NORTEL SWITCHED FIREWALL 6000 Series
Software Release 4.2.3
August 2008