©2007-2008 Nortel Networks Limited 1NORTEL SWITCHED FIREWALL 6000 SeriesSoftware Release 4.2.31. Release SummaryRelease Date : August 2008Purpose : Software maintenance release to address customer software issues.2. Important Notes Before Upgrading to This ReleaseUpgrade to 4.2.3 is supported from 4.1.1 or later versions. 4.2.3 requires 500 Mbytes free space on the/isd partition. To check the available free space, login as root, run “df -H /isd” and look under the“Avail” column. If you do not have enough free space, you will get an error saying “Failed to unpacksoftware…” when you try to download the .pkg file.If there is not enough free space for upgrade, please export the current configuration using“/cfg/ptcfg”, do a clean install from CD, and then import the configuration using “/cfg/gtcfg”. Whenconfiguration exported from 4.0.2 or below is imported into 4.1.1, you will lose all configured staticroutes. Please see Q01158579 on how to recover the static routes.When upgrading from 4.0.x to 4.2.3, please keep the following things in mind. 4.2.3 is a combinedL2/L3 firewall. If you have multiple ports in the same VLAN, the default behavior of 4.2.3 is to applythe firewall policy to traffic that is bridged between the ports. This is different from the 4.0.x behavior,which applied the firewall policy only to routed traffic. If you would like to keep the 4.0.x behavior,please disable L2 firewall processing on these VLANs using the “/cfg/net/vlan /l2fw” CLI itemafter upgrade. After upgrade from 4.0.x, please make sure the accelerators are configured by running“/info/det”. If an error is reported, please see Q01157140 to recover.For information on CRs # Q01158579 and Q01157140 please refer to 4.1.x Read Me.Upgrade procedure is the same as mentioned under “Procedure to upgrade from CLI” section in 4.2.2Readme section.Hitless UpgradeIf you have a high availability setup, consisting of 2 accelerators and 2 or more directors, you canupgrade the cluster with virtually no downtime. To start the hitless upgrade process, please use“/boot/software/hitless/activate” command from CLI. For hitless upgrade to work smoothly, makesure the following conditions are met.• Both the active and backup accelerators should have all the network links up.• Do not disconnect any network cables or reboot any accelerator or director while hitless upgrade isin progress.Hitless upgrade works by upgrading one side of the cluster first, then failing over traffic to that side andupgrading the other side. Hitless upgrade will pause after upgrading one side and wait for you to re-establish the trust and push the policy to the upgraded side before failing over to that side. Stateful