Software update is an important part of maintaining high security in your network. Updates are released on regular basis with no strict schedule to allow fast updates when possible threats arise. Updates are complete system images that are downloaded by the "recovery firmware" directly to the (normally read-only) system disk (CF, USB, etc) from our update servers (account for an estimate download size of 100MB). The advantage of "complete system image" updates (that overwrites the entire system disk) is that every appliance is known to be exactly identical.
All that is necessary to update is a working Internet connection, and the process typically takes 5-10 minutes depending on internet connection speed and update method.
Before you update
I practice, performing an update is no more complicated than pressing a button in the web administration, and waiting. However, in order to be prepared for the unexpected, following the guidelines below are recommended (in case something breaks).
- Make an external backup (export; copy-paste for example) of your configuration before updating
- Dedicate a possible maintenance window of at least an hour, even though the process typically takes 5 minutes
- If you're running in a virtualised environment, take a snapshot of the machine, and merge the snapshot after verifying that it works
- Be prepared to access the video/serial console in case of failure
Standard (cached) update
If your system disk (CompactFlash, USB stick or virtual disk) is at least 1 GB, or you've attached a storage (USB or virtual) disk, it's possible to pre-download the system image before booting into the recovery OS. This is the recommended update method, especially for setups that use eg. PPPoE or other connection methods which are not available in the recovery OS.
If you're unable to use the normal (cached) update method, you can perform a streaming update. The system will reboot to the "recovery firmware" partition, erase the system partition (leaving the configuration partition intact), downloading and writing the image to the system partition while verifying its SHA256 checksum, and finally rebooting back to the newly created system partition when done, resuming normal operations.
There are three ways of initialising an update.
- From the web administration; System > Software update
- On boot, by pressing "f" (generally any key) when prompted, and then in the recovery OS console type "update" and follow the instructions
- From the CLI using the syntax:
|software-update storage||software-update storage|
|software-update stream interface dhcp-client||software-update em0 dhcp-client|
|software-update stream interface address gateway dns||software-update em0 126.96.36.199/24 188.8.131.52 184.108.40.206|