Question & Answer
Question
How to upgrade a centrally managed Guardium system from to v9 p500 or higher from a patch level lower than p500 since SSLv3 is disabled in patch 500 and higher
Cause
SSLv3 has been disabled in version 9 patch 500 and higher. When patch 500 or greater is installed on a Central Manager (CM), this can impair connection to the units it manages.
Answer
When upgrading a centrally managed environment from a patch level lower than p500 to p500 or higher, the recommended steps are:
1. Install the patch on the CM
2. SSLv3 will then be disabled on the CM. You can check this using CLI command
show sslv3
3. Enable SSLv3 using CLI command
store sslv3 on
4. Push the patch from the Central Manager to the Managed Units and schedule the install
5. Once the patch is installed on all Managed Units, disable SSLv3 on the CM again using CLI command
store sslv3 off
Once the upgrade is complete SSLv3 should be disabled on all appliances. More detail on this can be found in the patch release notes.
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21990446