Upgrading TufinOS 3.x to 4.30 - In-Place Appliances

Upgrade TufinOS 3.x to 4.30 on your existing Gen 3.5 and Gen 4 Tufin Appliances.

If you have a multi-node cluster, all Appliances must be upgraded in-place.

If you have remote collector clusters, first upgrade the Central Cluster, and then repeat for each remote collector cluster. For more information on Remote Collector clusters, see Remote Collectors.

If you have worker nodes, you will need to upgrade them first.

During the TufinOS upgrade there will be some downtime. Installing TufinOS 4 on the node will erase all data and server configurations.

Prerequisites

NFS

TufinOS 4.x does not support NFS on this TOS release. NFS is supported from R23-2 PHF2.0.0 and later.

To use NFS for external backups:

  1. Install NFS 4 on your backup server

  2. Upgrade TOS

  3. Upgrade TufinOS

Follow the instructions in the relevant knowledge center.

Alternatively, you can switch to local storage or one of the cloud storage options.

General Requirements

  1. This procedure must be performed by an experienced Linux administrator with knowledge of network configuration.

  2. For data nodes only. Make sure you do not have unsupported LVM Volume Groups:

    [<ADMIN> ~]$ sudo vgdisplay --noheadings -C -o vg_name | grep -qs -v "[\t ]*VolGroup0[12]$" && echo "You cannot uppgrade."
    sudo vgdisplay --noheadings -C -o vg_name | grep -qs -v "[\t ]*VolGroup0[12]$" && echo "You cannot uppgrade."

    If the output returns "You cannot upgrade.", do not use the upgrade method in the boot menu to upgrade to TufinOS 4.30. Perform a Clean Install.

    If you receive no output, proceed with the next step below.

  3. For data nodes only. Make sure your /var/log partition is large enough:

    [<ADMIN> ~]$ sudo lsblk | grep "MOUNTPOINT\|/var/log$"
    sudo lsblk | grep "MOUNTPOINT\|/var/log$"

    If the output returns a partition size of 400 MB or less, do not perform this upgrade procedure. Perform a Clean Install.

Tufin Appliance Requirements

  • Check which appliance you have:

    [<ADMIN> ~]$ sudo su -
    [<ADMIN> ~]# dmidecode -t chassis | grep "Version:"
    Version: T800
  • Supported Tufin Appliances:

  • Generation

    Model

    Standard Configuration

    HA Configuration

    Gen 4 (End-of-sale) T-800 Supported Supported
    Gen 4 (End-of-sale) T-1200 Supported Supported

    Gen 3.5 (End-of-sale)

    T-1100XL

    Supported

    Supported

    Gen 3.5 (End-of-sale)

    T-1100

    Not Supported (worker node only)

    Not Supported

TufinOS Requirements

  • USB installations:

    For the TufinOS installation, only two USB devices should be connected to the appliance:

    • USB keyboard

    • TufinOS USB installation thumb drive.

  • Serial console installations:

    If you are installing TufinOS on a gen 4 or gen 3.5 appliance via a serial cable connected to a PC, use the following settings:

    • Baud Rate: 57600

    • Data bits: 8

    • Stop bits: 1

    • Parity: None

    • Flow Control: None

    • Terminal type: VT100

Downloads

  1. Download the TufinOS 4.30 installation package from the Download Center.

    • For a Tufin appliance, download the usb image file.

  2. USB installations. Create a USB key for installing TufinOS on appliances.

  3. RMM installations. Extract the TufinOS image from its archive.

    [<ADMIN> ~]$ sudo tar xzvf <FILENAME>.tgz
    sudo tar xzvf <FILENAME>.tgz

    The run file name includes the release, version, build number, and type of installation.

    TufinOS USB file example: TufinOS-4.30-4368238-x86_64-Final.usb.img

  4. RMM installations. Verify the integrity of the TufinOS installation package.

    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.usb.img.sha256
    sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.usb.img.sha256

    The output should return OK

Preliminary Preparations

  1. If you are running a multi-node cluster, get a list of your nodes.

    [<ADMIN> ~]$ sudo tos cluster node list
    sudo tos cluster node list

Upgrade Worker Nodes

Repeat these steps for each worker node.

  1. Install TufinOS

Upgrade the Data Node

  1. Upgrade TufinOS