When upgrading from Security Analytics 7.2.1 to 7.2.2, you may run into an issue where the cipher set becomes mismatched. This causes the sensors to lose their connection to the CMC. The sensor would show 'Not Connected' in the CMC dashboard.
Security Analytics 7.2.2 resolves a security vulnerability in the VPN connection that is used in CMC environments. Because of this change, sensors and CMCs that are running different versions of 7.2.x cannot communicate with each other until the attached security patch is applied, prior to upgrade. This patch modifies the VPN configuration so that all members of a CMC environment are using the same cipher set.
This patch is required only for customers that will not be upgrading all of the 7.2.1 devices in their CMC environment to 7.2.2 at the same time, thereby creating a
mixed 7.2.1 / 7.2.2 environment. If all devices are upgraded to 7.2.2 at the same time, a CMC and its sensors will automatically reconnect post-upgrade.
For customers that are upgrading to 7.2.2 from 7.1.x, this patch is not necessary, because upgrades from 7.1.x to 7.2.x require that the CMC VPN network be reset and recreated. Refer to the Security Analytics 7.2.1 Release Notes for complete instructions on upgrading any device from 7.1.x to 7.2.x.
Using SCP, move the attached script (NSR-29-vpn-upgrade) to the /tmp directory on all devices to upgrade: sensors and CMC.
Log in as the root user via SSH or from the console.
Verify that the script is executable by running this command: chmod +x /tmp/NSR-29-vpn-upgrade.sh
Run the script: /tmp/NSR-29-vpn-upgrade.sh
The script will update config files and restart the VPN service—which will cause the sensors to temporarily disconnect from the CMC—but they will automatically reconnect.
After the script has finished installing, you can upgrade the CMCs and their sensors according to your organization’s schedule; the CMCs and sensors will maintain connectivity across 7.2.x versions.