Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 Przewodnik Instalacji Pobierz pdf (Strona 7)

Upgrade Instructions  7

Upgrade Instructions: Web Security Gateway

 The Certificate Authority Tree is retained (trusted Root CA tree).

 SSLv2 is no longer enabled by default. If it is enabled prior to upgrade, the setting

is retained.

 CRL and OCSP revocation statistics (on Monitor > SSL > CRL Statistics) are

retained.

 Customized certificate failure and connect error message pages are not retained.

 SSL inbound*.log and outbound*.log files are deleted. After upgrade,

transaction logging is sent to extended.log or squid.log when the logging

subsystem is configured for “Log Transactions and Errors” or “Log Transactions

Only”. Otherwise, logging is sent to content_gateway.out.

Before upgrading:

 Content Gateway upgrades from v7.7.x to v7.8.x require an additional step to

avoid possible latency issues sometimes caused by scanning using async mode.

1. Versions older than v7.7.x should first upgrade to v7.7.x.

2. Download and install v7.7.x Hotfix 94. This hotfix adds background variables

that retain sync mode.

3. Upgrade from v7.7.x to v7.8.x. Sync mode is retained.

 Consider performing maintenance on the Incident list; remove unwanted entries.

 Note customizations to certificate failure and connect error message pages. The

code structure of the pages has changed; you cannot simply reapply (paste) the

7.7.x HTML.

User authentication

The upgrade process converts existing Multiple Realm Authentication rules into

equivalent Rule-Based Authentication rules, with some important changes in

structure.

Consolidated credential caching

There is one credential cache for both explicit and transparent proxy mode, and one

Global Authentication Options page for setting the caching method and Time-To-

Live.

During upgrade:

 (For upgrades from 7.7.x to 7.8.x) The credential cache Enabled/Disabled setting

for explicit proxy is retained from the Global Authentication Options tab. Caching

for transparent proxy traffic is always enabled.

 The Authentication Mode setting (IP address or Cookie mode) is retained from the

Transparent Proxy Authentication tab.

 The Cache TTL value is retained from Transparent Proxy Authentication tab

unless the value on the Global Authentication Options tab is not the default, in

which case the customized value is used. The cache TTL value is in minutes.

1 2 3 4 5 6 7 8 9 10 11 12 ... 43 44

Brak uwag

Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 Przewodnik Instalacji Strona 7