These instructions are intended to assist administrators with updating appliances from QRadar Network Packet Capture 7.3.2 Build 5015 or later to QRadar Network Packet Capture 7.3.2 Fix Pack 5 (Build 5025) using an ISO file. These instructions cover upgrade procedures.

Enable support login (SSH)

You can restrict SSH access to specific IP addresses by configuring the SUPPORT LOGIN (SSH) widget. This capability provides specific users with remote root-level access to the system, which is useful for advanced troubleshooting and debugging.

For more information, see Enable support login (SSH)

Before you upgrade

• These instructions will upgrade existing QRadar Network Packet Capture installations. If you want to do a new install or reinstall, see IBM Docs.
• This procedure uses IBM's integrated management module (IMM). This interface must be available/configured to mount the ISO file to complete the update.
• This update must be completed during a scheduled maintenance window. While the system is updating, Network Packet Captures are not recorded as services are not started.
• Ensure that you are logged in to the QRadar Network Packet Capture appliance as an administrator.
• Your system meets the minimum hardware requirements.
• A keyboard and monitor are connected by using the VGA connection.

Completing the Install

Required files
Download the 7.3.2-QRadarPCAP-upgrade-7.3.2-5025 from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.3.2-QRadar-NETPCAP-Upgrade-5025&includeSupersedes=0&source=fc

Procedure

1. Log in to the QRadar Network Packet Capture IMM interface using your web browser.
2. Click Remote Control.
3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
4. Click Start Remote Control in Single User Mode.
   NOTE: You should always use single user mode for remote connections for updates.
5. Verify that the Allow others to request my remote session disconnect check box is unchecked. It is not recommended to allow other users to request the active session for firmware updates.
6. From the menu, select Virtual Media > Activate.
7. From the menu, select Virtual Media > Select Devices to Mount.
8. From the Devices window click Add Image.
9. Select the QRadarPCAP-upgrade-7.3.2-5025 image and click Open.
10. Select the option with your ISO, such as CD/DVD - QRadarPCAP-upgrade-7.3.2-5025 and verify that the Mapped check box is selected.
11. Click Mount Selected.
12. Reboot the appliance.
13. When the splash menu is displayed, press <F12> Select Boot device.
14. In the Boot Devices Manager window, select the Upgrade Pandion option from the boot menu to begin the update.
15. Wait for the installation to complete.
16. After the QRadar Network Packet Capture appliance is updated, restart the appliance when prompted.

Installation wrap-up

After you have completed the upgrade, log in to IMM and select Virtual Media > Unmount All.
 

Where do I find more information?