1st always read the release notes
It does not make any sense to blindly upgrade without reading the notes. The release notes are simple & written to cover a host of issues. Here's some bits & pieces from the release notes.
2nd pay attention to the upgrade migration path and current operational OS
3rd backup your existing cfg b4 any software upgrade executions
maintenance > system> backup
4th ( optional )
Stop your fortimail from processing inbound mail-sessions. You can check the logs events to determine the last mail message process and it's disposition to ensure the mail has died down.
Alternatively you can use the graphing widget under monitor mailstatistics or the onboard packet sniffer.
You have a host of reducing these mail sessions by executing any of the following;
- closed off any SMTP ports up wind at the router/firewall
- increasing the MX priority if you have move 2 or more units install
- changing the unit mail service ports to a unused port #
NOTE: the latter is the easiest option to execute
NOTE: The upgrade process can take anywhere from 5-15mins to complete, so be patience. If you operating in server -mode expect poor to no access for users and their mailboxes. Admin access will also be slow for any new connections !
Now after you have upgraded, you need to do a few post upgrade checks. This is to ensure the unit is back to life and operational.
- 1st telnet to port 25 and validate a SMTP listener is active & do this after you re-allow inbound SMTP access if you modified ports or firewall ACLs
- 2nd send a email inbound ( check that it gets to your recipient )
- 3rd track it in the logs & the final disposition ( monitor all hits on your mail-policies )
- 4th ( optional ) use mailboxtools to ensure your not a open-relay ( http://mxtoolbox.com/diagnostic.aspx )
- 5th continual to monitor the EVENTS and AS log entries over the next 24-48 hours
I hope this posts will help you during a software upgrading for a fortimail ESA.
Ken Felix
Freelance Network/Security Engineer
kfelix -a-t socpuppets-d-o-t- com
^ ^
=( ^ ^ )=
o
/ \
No comments:
Post a Comment