Table of Contents
Advertisement
Upgrading firmware
Recovering from a failed upgrade
• You are using built-in or third-party firewall software, which often comes with antivirus software. To
resolve the issue, disable the software before launching Netflash.
Contacting the UTM Firewall device to begin the upgrade – Now the Netflash utility attempts to
2
contact the UTM Firewall via the Web interface. It performs an HTTP post to fill out the Web upgrade page
to specify the local PC you are upgrading from as a TFTP server.
• If you disabled the Web admin port on the LAN interface, the upgrade will fail.
• If you changed the Web admin port from the default of 80, you will be prompted for the new Web admin
port.
• If you have any client proxy or socks software on your PC (Microsoft Proxy Client or similar), you will
be prompted for the Web admin port because the upgrade software will be unable to contact the UTM
Firewall directly. To resolve the issue, disable or remove any such client proxy or socks software.
• If you have IDB enabled with TCP port 80 as a TCP port to be detected, the upgrade will fail. To resolve
the issue, you need to temporarily disable IDB.
Checking firmware version and compatibility, transferring firmware to UTM Firewall device –
3
Now the Netflash utility attempts to start a TFTP server on the local PC.
• If you already have a TFTP server installed and active, or if you are performing the upgrade without
suitable administrative rights, the TFTP server will be unable to start.
• If you are using inbuilt or third-party firewall software, which often comes with antivirus software, the
UTM Firewall may be unable to contact the TFTP server on your PC. To resolve the issue, temporarily
disable the software.
The UTM Firewall device upgrade begins – The LEDs on the front panel of the unit flash back and
4
forth to indicate the upgrade is in progress.
Recovering from a failed upgrade
Note:
Read this topic before requesting an RMA from technical support.
If the Heartbeat (or H/B) LED is not flashing 20–30 seconds after power is supplied, the appliance is unable
to boot correctly. This is usually because the firmware inside the appliance has been written incorrectly or
incompletely, or in rare cases it may have become corrupt.
In this situation, a recovery boot reprograms the appliance to bring it back to a usable state. If you are
running Windows, this can be done using Netflash (netflash.exe); otherwise, you have to set up a BOOTP
(DHCP) server. Both procedures are outlined below.
•
Recovery using Netflash
•
Recovery using a BOOTP server
Alternatively, if you are recovering an SG560U, you can recover the UTM Firewall device using the recovery
image stored in the boot flash. See
Recovery using Netflash
The Netflash executable is located in the \tools directory on the UTM Firewall CD, or it can be downloaded
from my.securecomputing.com.This is a Windows program that automates the recovery procedure. Be sure
to read the release notes before attempting the recovery.
To recover your UTM Firewall appliance using netflash.exe, two files are required: The recovery image
(.sgr) used to recover the appliance, and the firmware image (.sgu) appropriate for your appliance. They
are available in the \images directory of the UTM Firewall CD that shipped with your appliance, or can be
downloaded from my.securecomputing.com.
McAfee UTM Firewall 4.0.4 Administration Guide
Recovery using the boot recovery
image.
379
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
