Traps upgrade 4.1.3 to 4.2.3

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Traps upgrade 4.1.3 to 4.2.3

L1 Bithead

We are upgrading traps using this process.

 

First Uninstall Traps in Control panel then requires password.

Next is use the traps cleaner then requires password.

then lastly install a new Traps agent 4.2.3.

 

Some of the servers are requiring are reboot and some are not. These are the OS of servers were gonna upgrade.

Could someone help me to know what is the effect of not rebooting and rebooting the server after the fresh install?

 

FYI: We are using autofac/HPSA to upgrade, We cant use the ESM server to upgrade due to version issues

 

These are the version

Microsoft Windows Server 2008 R2 Enterprise

windows_2003_r2_server_standard_edition_service_pack_2

windows_2008_r2_server_enterprise_edition_x64_service_pack_1

windows_2008_r2_server_standard_edition_x64_service_pack_1

windows_2012_r2_server_datacenter_edition_x64

windows_2012_r2_server_standard_edition_x64

windows_2016_server_datacenter_edition_x64

windows_2016_server_standard_edition_x64

1 accepted solution

Accepted Solutions

for upgrades to the 4.2.x range, There is an upgrade plan:

https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-new-features/upgradedown...

https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-new-features/upgradedown...

ESM Upgrade Considerations
You can upgrade to ESM 4.2 from any ESM 3.4 or any later release.
Traps Upgrade Considerations
 
  • Beta participation
    —If you participated in the Traps beta program, you cannot upgrade from the Traps 4.2 beta version to a Traps 4.2 release.
 
  • Windows XP, Windows Server 2003, Windows Server 2008, and Windows Vista
    —Action rules are not supported to upgrade the Traps agent on these operating systems. Use GPO, SCCM, or another alternate method of deploying the Traps software.
 
  • Other Windows operating systems
    —Due to the Digital Signature requirements for Traps agent 4.2.1 and later releases, you must first upgrade Traps to Traps 4.1.5 or 4.2.0 before you can use action rules to upgrade to 4.2.2 or a later release. You can also use the MSI installer to manually upgrade Traps to Traps 4.2.2 or a later release.
    Traps 4.1.5-h1 is a hotfix release to support macOS 10.14 and does not contain any updates for Windows agents. To upgrade Windows agents to Traps 4.2.1, you must first upgrade the Traps agents to the non-hotfix release package 
    ClientUpgradePackage-4.1.5.37365.zip
     (release date: 07/28/2018) or to the 4.2.0 release using the upgrade package 
    ClientUpgradePackage-4.2.0.36348.zip
     (release date: 06/25/2018).
 
  • Mac operating systems
    —To upgrade Mac agents to Traps 4.2.2 or a later release, you can upgrade from any earlier version including the Traps 4.1.5 hotfix release 
    package ClientUpgradePackage-4.1.5.37365-h1.zip
     (release date: 10/03/2018).
    To use Traps on macOS 10.14
    , you must install the ESM and Traps versions before upgrading the operating system:
     
  • Upgrade the ESM to 
    4.2.1-h2
     or a later release.
  •  
  • Upgrade the Traps agent to Traps 
    4.2.1-h3
     or a later release using one-time action rules or the deployment method of your choice.
  •  
  • Upgrade the Mac endpoint to macOS 10.14.
  •  
    If you upgraded the operating system or Traps agent in a different order, you must uninstall and reinstall the Traps agent on the endpoint either using a third-party deployment tool such as JAMF or manually.
 

View solution in original post

7 REPLIES 7

L4 Transporter

@RichardP11  Is there a specific reason to use traps cleaner as a second step? when using traps cleaner the reboot is required to completely unload the drivers, and for final deletion of files that were in use during the time of Uninstall via cytool.

We just want to make sure that the new  fresh install traps will work normally after the uninstall. I am not sure also on this steps. Could you suggest? Is the uninstall via control panel is enough?

@RichardP11 Ideally you would use the built in upgrade. You can create a One-Time action to upgrade the endpoint. There can be several reasons an upgrade fails, most of the time it is due to the system needing a reboot, for other system configuration changes to complete. Also, Palo Alto networks Support can help through the upgrade process, should you run into any issues.

Yes We tried that on the actions to upgrade the traps. Sad to say we dont have palo alto support, We just have vendor support. 

 

I tried the actions and it just applied and never delivered. Every task  failed. So now we move on using Autofac.

I am not familiar with AutoFac, sorry. 

 

If you are having failures, you should be able to collect a set of support files and send to the vendor support team. Should they be unable to resolve the issue, they can escalate to Palo Alto Support.

 

That said, if all of the systems fail to upgrade, I would check the uninstall password being used. You can create a one-action and attempt to upgrade your own system. Should it fail, review the logs, it will generally give you an idea of the issue. If it succeeds, you can copy the one-time action and apply to more systems in your environment. 

Would that require a reboot when upgrading from ESM?

 

I remembered that Traps 4.1.3 cant handle upgrades coming from ESM. The vendor said that We should first upgrade to 4.2.X to use that feature. 

for upgrades to the 4.2.x range, There is an upgrade plan:

https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-new-features/upgradedown...

https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-new-features/upgradedown...

ESM Upgrade Considerations
You can upgrade to ESM 4.2 from any ESM 3.4 or any later release.
Traps Upgrade Considerations
 
  • Beta participation
    —If you participated in the Traps beta program, you cannot upgrade from the Traps 4.2 beta version to a Traps 4.2 release.
 
  • Windows XP, Windows Server 2003, Windows Server 2008, and Windows Vista
    —Action rules are not supported to upgrade the Traps agent on these operating systems. Use GPO, SCCM, or another alternate method of deploying the Traps software.
 
  • Other Windows operating systems
    —Due to the Digital Signature requirements for Traps agent 4.2.1 and later releases, you must first upgrade Traps to Traps 4.1.5 or 4.2.0 before you can use action rules to upgrade to 4.2.2 or a later release. You can also use the MSI installer to manually upgrade Traps to Traps 4.2.2 or a later release.
    Traps 4.1.5-h1 is a hotfix release to support macOS 10.14 and does not contain any updates for Windows agents. To upgrade Windows agents to Traps 4.2.1, you must first upgrade the Traps agents to the non-hotfix release package 
    ClientUpgradePackage-4.1.5.37365.zip
     (release date: 07/28/2018) or to the 4.2.0 release using the upgrade package 
    ClientUpgradePackage-4.2.0.36348.zip
     (release date: 06/25/2018).
 
  • Mac operating systems
    —To upgrade Mac agents to Traps 4.2.2 or a later release, you can upgrade from any earlier version including the Traps 4.1.5 hotfix release 
    package ClientUpgradePackage-4.1.5.37365-h1.zip
     (release date: 10/03/2018).
    To use Traps on macOS 10.14
    , you must install the ESM and Traps versions before upgrading the operating system:
     
  • Upgrade the ESM to 
    4.2.1-h2
     or a later release.
  •  
  • Upgrade the Traps agent to Traps 
    4.2.1-h3
     or a later release using one-time action rules or the deployment method of your choice.
  •  
  • Upgrade the Mac endpoint to macOS 10.14.
  •  
    If you upgraded the operating system or Traps agent in a different order, you must uninstall and reinstall the Traps agent on the endpoint either using a third-party deployment tool such as JAMF or manually.
 
  • 1 accepted solution
  • 8698 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!