Upgrading Your Policy Enforcer Software
To upgrade to the latest release of Policy Enforcer, download and run the rpm file available from Juniper Network’s software download page. You must have a version of Policy Enforcer already installed to run the upgrade script. If you do not, download the latest software version from the Policy Enforcer software download page and follow the Policy Enforcer Installation Overview instructions.
You can upgrade only from the previous release. For example, you can upgrade from 16.1R1 to 16.1R2 or from 16.1R2 to 17.1. You cannot skip a release. For example, upgrading from 16.1R1 to 17.1R1 is not supported.
To upgrade your Policy Enforcer software to the latest release:
- Access the Policy Enforcer software download page
- Select the Software tab.
- From the Version drop-down menu, select the version you want to install.
- From under the Application Package heading, download the Policy Enforcer RPM to your Policy Enforcer virtual appliance.
- On your Policy Enforcer virtual appliance, change directory
to where you downloaded the RPM bundle and install it using the following
command:
[root@hostname~]# rpm -Uvh filename.rpm
For example:
[root@hostname~]# rpm -Uvh Policy_Enforcer-21.3R1-XXXX-PE-Upgrade.rpm
It may take a few minutes to install the RPM bundle. Once installed, the Policy Enforcer screens within Security Director and any schema changes are updated. The configuration settings you used when you deployed the Policy Enforcer VM are retained.
To verify your upgrade:
In Security Director, select Administration > PE settings. This page shows the current installed Policy Enforcer version number.
Check the log file for any errors.
(Upgrading from 16.1R1 to 16.2R1) Check the /var/log/pe_upgrade.log file for any errors. The following is an example output of the pe_upgrade.log file for a successful upgrade.
Location: /var/log/pe_upgrade.log Update text: Preparing... ########################################### [100%] 1:Policy_Enforcer ########################################### [100%] Upgrading.. root Stopping services Service: feed_scheduler Stopping service… Service stopped Service: feed_server Stopping service… Service stopped Service: config_server Stopping service… Service stopped Extracting spotlight-connector package Extracting security-common-lib package Executing sql table Copying spotlight-connector package Copying security-common-lib package Starting services Service: config_server Starting service… Service started Service: feed_server Starting service… Service started Service: feed_scheduler Starting service… Service started root Done.
(Upgrading from 17.1R1 to 17.2R1) Check the following log files for errors:
/var/log/pe_upgrade_17_2.log
/var/log/pe_upgade_17_2_3rd_party_adapter.log
/var/log/pe_upgrade_nsx.log
NSX Migration Instructions from Policy Enforcer Release 17.1R1 to 17.2R1
After successfully upgrading to Policy Enforcer Release 17.2R1
and when all the Policy Enforcer services and NSX micro service are
up and running, the administrator must run the nsxmicro_sdsn_migrate script manually. After the successful installation of the script,
the Juniper Connected Security resources such as Connector instance,
Secure Fabric, and Policy Enforcement Groups (PEG) are created for
the NSX Managers that are already discovered in Security Director.
If the Juniper Connected Security resources are already present in the upgraded version of the software, a message is displayed showing that the NSX Manager with Juniper Connected Security resources are already present in the NSX database.