Description

These LANCOM R&S®Unified Firewall migration instructions describe how you update the firmware of your LANCOM R&S®Unified Firewall to LCOS FX 10.4 or newer.

Audience

This document is aimed at network and computer technicians who are responsible for the installation and configuration of the LANCOM R&S®Unified Firewall systems.

1. What to consider before a firmware update

Before you update the LANCOM R&S®Unified Firewall to the latest version, please note the following:

  • Make sure your hardware is supported. A list of supported devices is available in the section “Supported devices”.
  • Devices with less than 4 GB of RAM do not support all of the UTM settings at the same time.
  • If you operate two LANCOM R&S®Unified Firewalls in high availability mode, please note the following:
    • Deactivate high availability mode before you update the LANCOM R&S®Unified Firewalls to LCOS FX 10.4.
    • You have to perform the upgrade separately for each device.
    • Configure the high availability settings for both devices after the upgrade, as described in the LANCOM R&S®Unified Firewall operating manual.
  • For LCOS FX 10.2 and later, the LANCOM R&S®Unified Firewall can only be centrally managed using the LANCOM R&S®UF Command Center version 6 and later.
  • Make sure that your configuration does not require any of the settings from the section “Remote features”.
  • Some settings are not automatically transferred to the LANCOM R&S®Unified Firewall with LCOS FX 10.4. See the “Manual settings” section for further information.
  • If your configuration contains specialized backend scripts set up by the technical Support department, these have to be deactivated for the migration and then reactivated by the Support department after the migration.

1.2 Supported devices

The following devices support LCOS FX 10.4:

  • GPO150
  • GPA300/500
  • GPX850
  • GPZ1000/2500/5000
  • UTM+100/200/300/500/800/1000/2000/2500/5000
  • NP+200/500/800/1000/2000/2500/5000
  • GP-U 50/100/200/300/400/500
  • GP-E 800/900/1000/1100/1200
  • GP-S 1600/1700/1800/1900/2000
  • GP-T 10
  • UF-50/100/200/300/500/900/1000/1200/2000
  • UF-T10

1.3 Remote features

The following features are not available in LCOS FX 10.4:

  • VPN connections via PPTP
  • LAN accounting (traffic shaping)
  • VPN-SSL bridges
  • Desktop notes
  • Dynamic routing
  • Connection-specific DNS servers
  • Centralized management of the LANCOM R&S®Unified Firewall via the gateprotect Command Center. Instead, you use the LANCOM R&S®Unified Firewall Command Center.

1.4 Manual settings

The following settings are not automatically upgraded to LCOS FX 10.4. Configure these settings again after the update according to your requirements.

  • High availability
  • Monitoring
  • Quality of Service (QoS)
  • Application filter – applies to version 9.6
  • Mail proxy certificates – applies to version 9.8
  • IDS/IPS
  • HTTPS proxy certificates
  • Reverse proxy
Detailed information on the configuration of the above Settings can be found in the user manual of the current LCOS FX version.

2. Procedures

The following sections contain information on how to update your current version of the LANCOM R&S®Unified Firewall to LCOS FX 10.4:

2.1 Updating the LANCOM R&S®Unified Firewall from versions 9.6 and 9.8

  • Interruptions to the update process can cause damage to the LANCOM R&S®Unified Firewall. Do not switch off the device during the update process. Do not restart the device unless you are explicitly requested to do so.
  • Please make sure that you update your license to version V10.x before updating. You can do this in the myLANCOM Firewall License Portal.
  • If you are updating version 9.8 of the LANCOM R&S®Unified Firewall, you first configure external access to the web client (“Settings > Firewall > Security > Access”).
  • Deactivate the UTM settings if you are using a device with less than 4 GB of RAM, otherwise the upgrade may fail.
  • In the gateprotect Administration Client, open the Update Manager (“Settings > Updates”).
  • Choose “Upgrade from v9.x to 10.4.2”. Tip: If the upgrade is not included in the list, click “Update”.

You must install all patches before installing the upgrade. The installation of some patches may require the LANCOM R&S®Unified Firewall to be restarted. You will find out whether a restart is necessary in the description of the associated patches.

  • Click on “Install“.
    • The upgrade is downloaded automatically.
    • With the download complete, the LANCOM R&S®Unified Firewall restarts.
  • Depending on the device type, the integrity check of the update can take some time. The LANCOM R&S®Unified Firewall installs the updates automatically.
  • The installation can take up to 30 minutes. After the installation, the LANCOM R&S®Unified Firewall restarts automatically.
  • If that device refuses to update the firmware, this indicates that the hardware is no longer compatible with the new firmware.
  • Close the gateprotect Administration Client.

If the upgrade fails or the device restarts and the old version is still installed, look to the log files for further information.

You can find out how to access the web client of the LANCOM R&S®Unified Firewall in the section “First steps”.

If you have a device with less than 4 GB of RAM, activate the required UTM settings again. Not all UTM settings can be activated on these devices at the same time. For further information see the LCOS FX User Manual.
  • If you have access via the web client, you need to use the online update function to update the firmware to version LCOS FX 10.4.4. How to carry out an online firmware update is described in the LCOS FX User Manual (chapter “Update settings”).
After updating to LCOS FX 10.4.4, you can either stick with this firmware version or use an online firmware update to migrate to a newer LCOS FX version (e.g. LCOS FX 10.5.2).

2.2 Updating the LANCOM R&S®Unified Firewall from versions 9.4 and 9.5

The following options are available for updating from LANCOM R&S®Unified Firewall versions 9.4 and 9.5:

  • Option 1 (recommended): Install LCOS FX 10.4 from a USB stick.
  • Option 2 (not recommended): Update the LANCOM R&S®Unified Firewall to version 9.6 and then update to LCOS FX 10.4.

2.2.1 Installing LCOS FX 10.4 from a USB stick (recommended)

  • Interruptions to the update process can damage the LANCOM R&S®Unified Firewall. Do not switch off the device during the update process. Do not restart the device unless you are explicitly requested to do so.
  • Please make sure that you update your license to version V10.x before updating. You can do this in the myLANCOM firewall license portal.
  • Start the gateprotect Administration Client and create a backup of your configuration (“File > Create backup”).
  • Proceed as follows to create a bootable USB stick:
    • Insert a USB stick into your PC.
    • Enter the following URL in the address bar of your browser on your computer: https://www.mygateprotect.com. Navigate to “Downloads> Firewall (Full version)”.
  • Download the following files for LCOS FX 10.4:
    • The system image of the LANCOM R&S®Unified Firewall (ISO file)
    • The USB installation file (EXE file)
  • Select the USB installation file. The USB installation wizard opens.
  • The wizard guides you through the configuration. Please note:
    • On the page “Select the R&S Cybersecurity ISO file”, select the ISO file you downloaded earlier.
    • On the page “Select a backup file (optional)”, select the backup file that you created earlier.
  • When the message “Configuration successfully completed” appears, you have created a bootable USB stick for installing the new system image.
  • Remove the USB stick from your PC.
At no time should you connect the USB stick to a computer during the startup process. Otherwise, the USB stick will trigger an unattended installation of the LANCOM R&S®Unified Firewall. This installation will format the hard drives.
  • After the installation, reconfigure the settings that were not automatically transferred during the upgrade. See also the section “Manual settings”.

If the upgrade fails or the device restarts and the old version is still installed, look to the log files for further information. You can find out how to access the web client of the LANCOM R&S®Unified Firewall in the section “First steps”.

2.2.2 Updating the LANCOM R&S®Unified Firewall to version 9.6 and then to LCOS FX 10.4 (not recommended)

  • Repeat the steps in section 2.3 "Updating the LANCOM R&S®Unified Firewall prior to version 9.4" until you reach version 9.6.
  • Upgrade the LANCOM R&S®Unified Firewall to LCOS FX 10.4 as described in section “Updating the LANCOM R&S®Unified Firewall from versions 9.6 and 9.8”.

2.3 Updating the LANCOM R&S®Unified Firewall prior to version 9.4

  • If you operate a gateprotect firewall or a LANCOM R&S®Unified Firewall older than version 9.4, you must first update your software to version 9.4. Interruptions to the update process can damage the LANCOM R&S®Unified Firewall. Do not switch off the device during the update process. Do not restart the device unless you are explicitly requested to do so.
  • Please make sure that you update your license to version V10.x before updating. You can do this in the myLANCOM firewall license portal.
  • In the gateprotect Administration Client, open the Update Manager (“Settings > Updates”).
    Tip: If the upgrade to the next higher version is not listed, simply click on “update”. Before updating, make sure all patches are installed. To install a patch, follow the steps outlined below.
  • Select the next highest version.
  • Click on “Install“. The update will be downloaded and installed automatically.
The installation can take up to 30 minutes.
  • After the installation, close the gateprotect Administration Client. In the logout window, click the option “Restart”.
    Tip: Some patches require the system to be restarted. For further information, please refer to the corresponding patch description.
  • Every software version of the LANCOM R&S®Unified Firewall requires a particular version of the gateprotect Administration Client. You can download this from https://mygateprotect.com.
    • Go to “Downloads > Management Tools”
    • Download the installer for your version of the LANCOM R&S®Unified Firewall.
    • Install the gateprotect Administration Client.
    • Start the gateprotect Administration Client.
  • If your current software version is still older than version 9.4, repeat the above steps from step 2. Once you have reached version 9.4 you can continue with the steps in the section “Updating from LANCOM R&S®Unified Firewall versions 9.4 and 9.5”.

If the upgrade fails or the device restarts and the old version is still installed, look to the log files for further information.

3. First steps

After installing LCOS FX 10.4 you access the LANCOM R&S®Unified Firewall as follows:

  • Start your browser.
  • In the address bar of your browser, enter <IP address>:3438. Replace <IP address> with the IP address of your LANCOM R&S®Unified Firewall.
  • Create an exception for the certificate warning. The login page of the LANCOM R&S®Unified Firewall appears.
  • Here you enter the same login data that you used previously in the gateprotect Administration Client.
  • Click on “Login”.
  • After logging in, you will be asked to agree to the End User License Agreement (EULA).
  • To agree to the EULA, click "Accept & login". The web client opens.

Please remember to upload your license to the device again.

Information on the first steps with LCOS FX 10.4 and the LANCOM R&S®Unified Firewall can be found in the operating manual. You will find the operating manual under “Help” in the top right corner of the screen. It contains a general introduction to the software and detailed descriptions of the configuration dialogs.

4. Contact, Service and Support

We offer you support from the following sources:

  • LANCOM R&S®Unified Firewalls operating manual
  • Our sales partners
  • LANCOM Support

4.1 Devices that are no longer eligible for support due to their EoL status (end-of-life)

If your license is still valid and you have purchased it from Rohde & Schwarz Cybersecurity (RSCS), support depends on the term of the license. You will receive support until the license expires.

- GPO75(a) / GPO125(a) / GPA250(a) / GPA400(a) / GPA600(a) / GPX800(a)

- GPO100 / GPO110 / GPO150 / GPA300 / GPA500 / GPX650 / GPX850 / GPZ1000 / GPZ2500 / GPZ5000

- NP-S50 / NP-S100 / NP-M200 / NP-M400 / NP-L500 / NP-L800

- NP-S101 / NP-M 401 / NP-M 402 / NP-M 403

- GPO100v2 / GPO150v2 / GPA300v2 / GPA500v2 / GPX650v2 / GPX850v2 / GPZ1000v2 / GPZ2500v2 / GPZ5000v2

- UTM+100 / UTM+200 / UTM+300 / UTM+500 / UTM+800 / UTM+1000 / UTM+2000 / UTM+2500 / UTM+5000

- NP+200 / NP+500 / NP+800 / NP+1000 / NP+2000 / NP+2500 / NP+5000



All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2019-2024 LANCOM Systems GmbH