Table of contents
Topics on this page
AWS Upgrade Process Management
Azure Upgrade Process Management

Managing Network Impact

Limit the impact of network disruption by completing your Network Security virtual appliance upgrade during your planned network downtime. Upgrades to your virtual appliance can be included as part of your regularly scheduled change management process.

AWS Upgrade Process Management

If you are on the AWS platform note the following caveats about upgrading your appliance:

  • Appliance versions of and 2021.4.1 and higher support in place seamless upgrade.

  • Deploying high availability (HA) Lambda function ensures that the appliance is not in line when an upgrade is triggered. If you're not using Lambda make sure that network traffic is routed around the virtual appliance before starting an upgrade. Learn more about manually enabling high availability.

  • If you are using a using a Gateway load balancer, enable HA Failover and upgrade your appliances one at a time.

  • Verify that your instance has "HALambda" function and "CloudWatchAlarmInsufficient" function, if you are not using the latest available Edge Protection Cloud Formation template. Type the function name into the search bar on the AWS Lambda Functions page to confirm availability. Learn more about High Availability functions in AWS documentation.

Azure Upgrade Process Management

Upgrade options on the Azure platform include the following:

  1. Appliance versions 2021.3 and higher support in place seamless upgrade.
  2. Single appliance without HA function: When performing an upgrade with the appliance in line, depending on your deployment, there may be network packet loss. This means the resources protected by the appliance will lose network connectivity for up to 7 minutes.
  3. Single appliance with HA function enabled: Traffic is rerouted to reduce packet loss. Inspection stops while traffic is rerouted and is reactivated once upgrade and reboot is complete. Minimum network packet loss of around 10-40 seconds occurs during upgrade. In addition, the appliance will not be inspecting traffic. Inspection capacity is restored one minute after upgrade.
  4. Virtual Machine Scale Set (VMSS) upgrade without HA function: Upgrade each appliance within your scale set environment individually. Expect traffic inspection and packet loss of 10 to 20 seconds.

Learn more about high availability in Azure.

NOTE

For further upgrade assistance, please create a support ticket.