Tuesday, April 22, 2014

Upgrading a Fortimail Appliance

In this blog, I will discuss some basic items to cover before upgrading a FortiMail appliance.

1st always read the release notes

It does not make any sense to blindly upgrade without reading the notes. The release notes are simple & written to cover a host of issues. Here are some bits & pieces from the release notes.

2nd pay attention to the upgrade migration path and current operational OS

3rd back up your existing cfg before executing any software upgrade

maintenance > system > backup

4th (optional)

Stop your FortiMail from processing inbound mail sessions. You can check the log events to determine the last mail message processed and its disposition to ensure the mail has died down.
Alternatively, you can use the graphing widget under monitor mail statistics or the onboard packet sniffer.

You have a host of options for reducing these mail sessions; execute any of the following:

  • closing off any SMTP ports upwind at the router/firewall
  • increasing the MX priority if you have 2 or more units installed
  • changing the unit's mail service ports to an unused port #

NOTE: the latter is the easiest option to execute

NOTE: The upgrade process can take anywhere from 5-15 mins to complete, so be patient. If you are operating in server mode, expect poor to no access for users and their mailboxes. Admin access will also be slow for any new connections!

Now after you have upgraded, you need to do a few post upgrade checks. This is to ensure the unit is back to life and operational.

  • 1st telnet to port 25 and validate that an SMTP listener is active; do this after you re-allow inbound SMTP access if you modified ports or firewall ACLs

  • 2nd send an email inbound (check that it gets to your recipient)

  • 3rd track it in the logs & the final disposition (monitor all hits on your mail policies)

  • 5th continue to monitor the EVENTS and AS log entries over the next 24-48 hours

NOTE: don't forget to reset your MX priority back if you did change it
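The first post-upgrade check above, done as a script instead of a manual telnet session (an added example, not from the original post; the EHLO name `upgrade-check.example` and the result field names are assumptions):

```python
import socket
import sys


def read_reply(fp):
    """Read one SMTP reply, following "250-" continuation lines to the final "250 " line."""
    lines = []
    while True:
        raw = fp.readline()
        if not raw:
            raise ConnectionError("connection closed before reply completed")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), lines


def check_smtp_listener(host, port=25, timeout=10.0, helo_name="upgrade-check.example"):
    """Connect, read the greeting, send EHLO and QUIT; no mail is submitted."""
    result = {"listening": False, "banner": None, "ehlo_ok": False, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                sock.makefile("rb") as fp:
            result["listening"] = True
            code, lines = read_reply(fp)
            result["banner"] = f"{code} {lines[0]}"
            if code != 220:
                # e.g. 421/554: the port answers but the mail service is not ready
                result["error"] = f"unexpected greeting code {code}"
                return result
            sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            code, _ = read_reply(fp)
            result["ehlo_ok"] = code == 250
            sock.sendall(b"QUIT\r\n")
    except (OSError, ValueError) as exc:
        # Refused or timed out: service port still moved, or firewall ACL still closed
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_smtp.py <host> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(check_smtp_listener(sys.argv[1], port))
```

A refused or timed-out connection shows up in `error` with `listening` left false, which is what you will see if the service port or upstream ACL was changed before the upgrade and not yet restored.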

I hope this post will help you during a software upgrade for a FortiMail ESA.

Ken Felix
Freelance Network/Security Engineer
kfelix -a-t  socpuppets-d-o-t- com

     ^      ^
=(   ^   ^  )=
       /     \
