Release Notes R&SWeb Application Firewall 6.5.5 (EN) - Rohde & Schwarz
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Release Notes R&S®Web Application Firewall 6.5.5 (EN) © 2020 Rohde & Schwarz GmbH & Co. KG Rohde & Schwarz Cybersecurity SAS Parc Tertiaire de Meudon 9-11 Rue Jeanne Braconnier 92366 Meudon FRANCE TEL: +33 1 46 20 96 00 FAX: +33 1 46 20 96 02 E-mail: info-fr.cybersecurity@rohde-schwarz.com Internet: http://www.rohde-schwarz.com/cybersecurity R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG. Trade names are trademarks of the owners.
R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
Table of Contents
1 Major Enhancements ........................................................................................................................... 4
1 Cloud Automation for Google Cloud Platform ........................................................................................................ 4
2 System improvement and optimization.................................................................................................................. 4
3 JSON API Response time ...................................................................................................................................... 5
4 Workflow enhancement ......................................................................................................................................... 5
1 External Redis datastore.................................................................................................................................... 5
2 DataStore Redis command ................................................................................................................................ 6
2 Minor Enhancement ............................................................................................................................. 8
1 Ability to choose a static scoringlist ...................................................................................................................... 8
2 User scoring computation node provides user score result.................................................................................... 8
3 Security exceptions view improvement.................................................................................................................. 8
4 System improvements........................................................................................................................................... 9
1 SSH connection cryptography changes ............................................................................................................. 9
2 Components upgrade ........................................................................................................................................ 9
5 JSON API New endpoints ...................................................................................................................................... 9
1 Management of Certificates Bundles................................................................................................................. 9
6 Behavior changes................................................................................................................................................ 10
3 Bug Fixes.............................................................................................................................................11
4 Known Issues......................................................................................................................................13
1 Security............................................................................................................................................................... 13
2 Sitemap............................................................................................................................................................... 13
3 WAM ................................................................................................................................................................... 13
4 Migration from rWeb ........................................................................................................................................... 14
5 Monitoring........................................................................................................................................................... 14
6 Configuration ...................................................................................................................................................... 14
5 Appendix .............................................................................................................................................15
1 Installation and Update........................................................................................................................................ 15
1 Notes before update........................................................................................................................................ 15
2 Kibana customization ...................................................................................................................................... 15
3 Configuration Backup ...................................................................................................................................... 15
4 Installation procedure...................................................................................................................................... 15
5 Update procedure............................................................................................................................................ 16
6 Uninstall procedure ......................................................................................................................................... 17
2
R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
This document details changes introduced by the 6.5.5 version for the R&S®Web Application Firewall.
This is an update of the 6.5 LTS version (Long Term Support).
Revision number: 37be352-b13898
Release date: 18 February 2020
For more information about LTS/LVS concept, please read the page: Product Life Cycle1
1 https://my.appsec.rohde-schwarz.com/cycle-produits.php
3
R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
1 Major Enhancements
1 Cloud Automation For Google Cloud Platform
Following the integration with Amazon Web Services2 (6.5.3) and Microsoft Azure3 (6.5.4), this release adds Google
Cloud Platform4 compatibility. It enables accelerated WAF deployment via Terraform template whereby new instances
of R&S®Web Application Firewall are automatically created as and when required. R&S®Web Application Firewall
automatically scales with the size of the workloads in the GCP: it scales up to handle peaks of traffic, and back down
when traffic returns back to normal. The user can benefit from virtually unlimited scalability without realizing the extra
work.
This feature translates to the new capability to mix license types: "Bring Your Own Licenses" (BYOL) available
permanently to handle the usual traffic demand and "Pay-as-you-go" (PAYG) instances created by GCP virtual machines
to handle peak loads. It guarantees the most cost-effective solution as new WAF instances are launched automatically
only when they are needed but are also terminated when they are not. To avoid exceeding the defined budget by auto-
scaling cloud WAF instances, the administrator is able to limit the maximum spend by defining a threshold.
See documentation5
2 System Improvement And Optimization
Our engineers have optimized the way that the R&S®Web Application Firewall version 6.5.5 write/handle/build and
replicate configuration files into a cluster. The result, you will gain time when Applying new configuration. This time
improvement depends of your configuration (Reverse proxies and/or the number of applications, the use of XML Bundles
or certificates Bundles, the number of workflows, how many metrics are enabled, etc.). The best-case scenario provides
an Apply time reduction of up to 70%.
Going forward the performances optimization will be integrated into each release.
Below are current examples of different configurations in R&S®Web Application Firewall version 6.5.5.
%decrease %decrease
5.5.15(s) 6.5.4(s) 6.5.5(s) 5.5.15 6.5.4
Empty configuration + apply all (restart) 33 51 45 -36% 6%
First apply all #1 (restart) 481 313 110 77% 65%
Apply all #2 (restart) 480 435 123 74% 72%
Apply all #3 (reload) 420 370 109 74% 70%
1 RP + 48 tunnels (restart) 72 75 30 58% 60%
2 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Amazon+Web+Services
3 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Microsoft+Azure
4 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Google+Cloud+Platform
5 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Google+Cloud+Platform
Major enhancements
4
R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
%decrease %decrease
5.5.15(s) 6.5.4(s) 6.5.5(s) 5.5.15 6.5.4
1 RP + 48 tunnels (reload) 72 74 28 61% 62%
1 RP + 1 tunnel SSL with PKI (restart) 70 82 30 57% 63%
1 RP + 1 tunnel SSL with PKI (reload) 67 85 27 59% 68%
1 RP + 1 tunnel SSL without PKI (restart) 78 101 29 63% 71%
1 RP + 1 tunnel SSL without PKI (reload) 78 95 29 63% 69%
1 RP + 1 tunnel HTTP (restart) 67 86 29 56% 66%
1 RP + 1 tunnel HTTP (reload) 68 87 27 60% 69%
125 RP + 1167 tunnels SSL with and without 402 339 87 78% 74%
PKI (restart)
125 RP + 1167 tunnels SSL with and without 347 294 91 73% 69%
PKI (reload)
103 RP + 838 tunnels HTTP (restart) 331 275 86 74% 69%
103 RP + 838 tunnels HTTP (reload) 300 233 76 74% 67%
Because all configurations are different, we hope you will benefit from a significant improvement on your product. If not,
we suggest you to send us your configuration for an analysis to continue to find optimization paths.
3 JSON API Response Time
We have received some feedback regarding the response time of the JSON API. We have taken into account the fact that
this API response could be long depending on your configuration. To continue the work made on the core product, the
R&S®Web Application Firewall version 6.5.5 JSON API has been refactored to improve the response time. A part of this
improvement is due to the Core optimization, but the API design has been improved as well. Below is an example on the
most complete endpoint (number of sub requests linked to the tunnels to print) GET /tunnels.
6.5.4(s) 6.5.5(s) % decrease
GET /wafapi/tunnels 14.015 7.049 49,7%
1 reverse Proxy + 800 tunnels
4 Workflow Enhancement
1 External Redis datastore
The R&S®Web Application Firewall version 6.5.5 allows you to create a new datastore type: External Redis.
You will be able to define your external server Redis to handle data inside your workflows.
Major enhancements
5
R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
See documentation6
2 DataStore Redis command
This node complete the "External Redis Datastore". You will be able to use the existing nodes "DataStore GET7" and
"DataStore SET8" and now this new node "DataStore Redis Command9" which allow you to write custom Redis
commands that you can forge with the workflow attributes.
This feature allows you to share data between all yours boxes or clusters or products. We think that this is a powerful
new way to develop advanced features or real time mechanisms into your workflows. Keeping in mind that this is a
developer –oriented functionality, you have to be aware how it will forge your Redis commands to prevent any injections.
You can complete this feature by using the existing SHM datastore to create a local cache mechanism if needed.
6 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Redis+datastore
7 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Datastore+Get
8 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Datastore+Set
9 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Datastore+Redis+Command
Major enhancements
6
R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
Furthermore, Redis has been designed for use within a trusted private network, and does not support SSL encrypted
connections (https://redis.io/topics/security).
Some Redis command can block the workflow this is why some of them are forbidden, you will be warned in
the node or during runtime apply.
Please consult the documentation page before trying this node.
See documentation10
10 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Datastore+Redis+Command
Major enhancements
7R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
2 Minor Enhancement
1 Ability To Choose A Static Scoringlist
The R&S®Web Application Firewall version 6.5.5 provides a new default static scoring list. To allow users to update their
configuration to the newest static scoring list, we have implemented a static list selector. It will become easier to update
your configuration.
See documentation Scoringlist Update11 and See documentation Scoringlist Configuration12.
2 User Scoring Computation Node Provides User Score Result
We return the result of the computation in the workflow to allow the user to create a conditional decision node on the
value of this score to reinforce if needed some endpoints or add incremental security checks.
The default parameter name is "usersec.score" but you can customize it directly in the node.
See documentation13
3 Security Exceptions View Improvement
Columns displayed are now the name, the hostname, the path and the description.
Exception name have been reduced, it is now the event reason (no more hostname in the name)
Cosmetic improvement: disabled rules are now in grey.
See documentation14
11 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Static+Scoringlist+update
12 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Scoringlist+Configurations
13 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/User+Scoring+Computation
14 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Security+Exception+Configurations
Minor enhancement
8R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
4 System Improvements
1 SSH connection cryptography changes
We decided to enhance SSH connection to the WAF by authorizing only strong key algorithms and ciphers. You may
encounter connection issues if you are using non-up-to-date SSH tools.
2 Components upgrade
• Update Apache httpd to 2.4.41
• Upgrade libpcre to 8.43 from 8.32 (system)
• Update NodeJS to 8.16.2 from 8.16.1
5 JSON API New Endpoints
Warning: we have fixed two parameter's names which are now using the camelcase nomenclature.
The old parameters name will be compatible until the 6.5.7 version, but then removed. Please verify
your scripts and change the parameter's name as described below:
reverseproxy (deprecated)-> reverseProxy (new)
enableAia (deprecated) -> enableAIA (new)
1 Management of Certificates Bundles
/certificatesbundles/ (GET/POST/PATH/PUT/DELETE)
Get one or more certificates bundles informations, create a new bundle, update the bundle name, or delete
your certificate bundle
/certificatesbundles/ca (GET/POST/DELETE)
Get one or more certificate authority, upload a new one or delete an existing one in the certificate bundle
/certificatesbundles/ca/export/ (GET)
Download a certificate authority file
/certificatesbundles/crl (GET/POST/DELETE)
Get one or more Certificate Revocation List, upload a new one or delete an existing one in the certificate
bundle
/certificatesbundles/crl/export (GET)
Download a certificate Revocation List file
/certificatesbundles/ocsp (GET/POST/DELETE)
Get one or more Certificate OCSP, upload a new one or delete an existing one in the certificate bundle
/certificatesbundles/ocsp/export (GET)
Download a certificate OCSP file
Minor enhancement
9R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
6 Behavior Changes
Matches regexp in decision workflow node
Before R&S®Web Application Firewall 6.5.5, when using "matches regexp" condition in the decision, the regexp
had to match until this end of value string otherwise it will not match the value.
Example:
• regexp 'abc' will not match 'abcd' value
• regexp 'abcd' or 'abc.*' will match 'abcd' value
We decide to remove this behavior to avoid misunderstanding when regexp are valid (and tested with regexp
tester tools). In version 6.5.5, the behavior will now be:
• regexp 'abc' will match 'abcd' value
• regexp 'abcd' or 'abc.*' will match 'abcd' value
10R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
3 Bug Fixes
Bug criticality indicators:
: Serious, : Moderate or with workaround, : Low or cosmetic.
Priorit
y Issue key Summary
WAF-2086 Apply blocked when adding IP to bonded VLAN
WAF-2191 Apply network failure with HA Active Active
WAF-1640 Cannot apply a Tunnel using an imported certificate with option "Enable Password Encryption"
WAF-2051 Backup restoration failure when XML Bundle contains hidden files
WAF-2147 CRL automatic update does not apply tunnels and lead to expired CRL
WAF-1910 Primary IP address cannot be defined on more than one IP range on the same interface
WAF-2032 Apply fails when a subWorkflow use a "Datastore" parameter
WAF-2041 Bot Mitigation dashboard: error while loading details of "Logs by Bot Mitigation configuration"
WAF-2420 High Availability AA/AP - VIPs are not mounted on bonding + VLAN environment
WAF-2409 High Availability AA/AP - configuration file is not updated when all tunnels are disabled in a
reverse proxy
WAF-2247 High Availability AA: Incomplete balancer configuration on secondary tunnels
WAF-2009 High availability AP - invalid metrics status
WAF-2045 High Availability AA - no realserver isolation per box
WAF-2341 WAM Cookies are not retrieved when the PreAuthRequest answers 401
WAF-1782 API keys doesn't map users roles
WAF-2074 Elasticsearch is launch with 2GB memory when management box has more than 100Gb
memory
WAF-1921 HTTP/2: server header from response cannot be removed
WAF-2459 Non PCIDSS compliant TLS protocol (TLS V1.0) allowed on Administration port
WAF-2478 Dependency Wizard button doesn't work for backup restoration
WAF-1842 Kibana visualizations based on integer ranges are not working
WAF-1860 Kibana: performance average metrics values are wrong
Bug fixes
11R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
Priorit
y Issue key Summary
WAF-2131 Managed-specific or management-specific metrics desactivation does not work anymore
WAF-1543 Security Exception "Resolve" can block the GUI if the rule name is too long
WAF-1907 WAF can be banned from the remote MYSQL server due to error requests
WAF-1975 "Default Policy" & "Default Policy (strict)" are in Legacy resolve mode
WAF-1410 Apply date never updated on non active objects (RP/Tunnels)
WAF-543 Backend response time higher than Total response time because of multipart form-data
requests with chuncks
WAF-2240 Custom GUI certificate is not updated after change twice
WAF-2494 Matched exception rule details are not displayed anymore in Security logs
WAF-2034 Dependences between URL mappings and load balancers are not represented
WAF-2062 Elasticsearch field values are no more searchable (partKeyMatch, partValueMatch)
WAF-2027 Monitoring needs an apply to activate analytics
WAF-2140 OCSP verification wants to be done even if disabled
WAF-2132 Regexp in decision node has to match until the end of string
WAF-2223 Remote file systems passwords are not restored
WAF-2217 Restoring a sitemap with a name that already exists breaks the restore process
WAF-2177 Scheduled task backup set to 0 on maximum backup creates no backup file
WAF-1345 Sitemap Validation event does not contain sitemap configuration name or uid
WAF-2413 Tunnel monitoring options are not filled when using wizard
WAF-1109 Workflow node forms keep values of disabled voluminous textarea fields
WAF-2030 Kibana "R&S - Application Monitoring" dashboard displays an error when no security logs
WAF-1731 SWF User Tracking - Score computation From ICX doesn't increase the score when no attacks
Bug fixes
12R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
4 Known Issues
1 Security
Issue key Summary
WAF-184 Security exception doesn't work if there is no workflow context condition
WAF-694 BWSESSID cookie allows extra characters at the end of the value
WAF-707 ICX does not ignore attachments or some application/* content-types
WAF-1400 JSON error on replay when custom pattern is added to exception
WAF-1830 Resolve of sitemap validation's events from security logs doesn't work as expected
2 Sitemap
Issue key Summary
WAF-1620 Data types are not updated when you import new swagger file in sitemap
WAF-2006 Allow to use regexp in the "Name" parameter settings of a sitemap
3 WAM
Issue key Summary
WAF-503 WAM: some hashes don't work for SMS gateway
WAF-706 SAML Pack: NotBefore/NotAfter malfunction
WAF-715 WAM Application Access with NTLMv2 strips Proxy-Authorization
WAF-1113 Cannot connect LDAPS active directory with LDAP nodes
WAF-1139 Connected users view is not refreshed as expected
WAF-1436 Data Sign fails reading key for Signature
WAF-1681 Parsing failed with one special character in the Internal Store / Credentials / Password
Known issues
13R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
4 Migration From RWeb
Issue key Summary
WAF-624 EAccessUriTrans multipart-form-data & auto-file-upload are not available in Blacklist engine
5 Monitoring
Issue key Summary
WAF-1273 Metrics 'monitored', 'graphed', 'consolidated' attributes are not backed-up/restored
WAF-1290 Scheduled task: Report generation inconsistency between timeframe and execution frequency
6 Configuration
Issue key Summary
WAF-401 Security Exception Rules edition: In "Workflow Context", the value disappears when typing text into
the value field and changing to "matches regexp"
WAF-522 Workflow revalidation issue with invalid subworkflows
WAF-637 WAF allows secure cookie through clear communication channel
WAF-1165 MAC address is not updated on network card replacement
WAF-1174 Second load balancer member is lost after importing load balancer configuration
WAF-1175 BWROUTEID not automatically set when importing LB with auto route option
WAF-1434 Scheduling task for exporting and deleting security log can consume too much memory in extreme
conditions and end up being interrupted by the system
WAF-1622 Security logs: error during import on large file
WAF-1640 Cannot apply a Tunnel using an imported certificate with option "Enable Password Encryption"
WAF-1682 WAM: inconsistent error message when trying to modify an internal datastore replicate
WAF-1927 Backuped Remote filesystem cannot be removed from configuration (Internal Error on GUI)
Known issues
14R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
5 Appendix
1 Installation And Update
1 Notes before update
Migrating to R&S®Web Application Firewall
If you have chosen to migrate from i-Suite 5.5 or rWeb to R&S®Web Application Firewall 6.5, we invite you to read the
Migration to R&S®Web Application Firewall15 section, especially the Behavior change16 part that can require manual
modification.
Read previous release notes
If the update jumps more than one version (6.5.0 to 6.5.4 for example), we recommend you to read previous release
notes to see changes.
For more details see: R&S®Web Application Firewall Release notes17
2 Kibana customization
Custom dashboards, visualization and searches in Kibana have to be exported before the upgrade. As we improve
dashboards and visualizations through versions, the entire Kibana configuration is erased by the new version after the
upgrade.
Configuration can be exported in the Management > Saved Objects menu. Exported configurations can be restored after
the upgrade. For more details see Logs visualization with Kibana18.
3 Configuration Backup
Before installing this version, backup any work that is in progress. Go to Management > Backups panel and backup all the
configurations then download the backup file.
In case of a virtualization environment, you may also stop the virtual appliance and create a backup (snapshot) of your
appliances.
4 Installation procedure
For new users, we recommend to read our Get started19 guide to install the product.
Follow the steps hereunder to install this version of R&S®Web Application Firewall:
1. Download The ISO File And The Administration Interface From The Customer Area At: https://my.appsec.rohde-
schwarz.com/
2. Install The Product On An Appliance, Virtual Machine Or In A Cloud Provider. The Installation Is Described In The I
nstalling from ISO20 Page
15 https://documentation.appsec.rohde-schwarz.com/pages/viewpage.action?pageId=17273165
16 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Behavior+change
17 https://documentation.appsec.rohde-schwarz.com/pages/viewpage.action?pageId=4028652
18 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Logs+visualization+with+Kibana
19 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Get+started
20 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Installing+the+WAF+from+the+ISO
Appendix
15R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
3. Log Into The TUI (Text User Interface) And Set The Role: Management Or Managed (For More Details See The
Initializing the Management and Managed mode21 Page)
4. Repeat Stages 2 And 3 For Each Managed Appliance, If There Are Any
5. Install And Connect To The Administration Interface (For More Details See The Installing the Administration
Interface22 Page)
It Will Be Asked To Temporary Or Permanently Accept The Certificate From The Management Appliance (For
More Details See The Connection certificates23 Page)
6. If There Are Any, Add Managed Appliances To The Cluster. Go To Setup > Boxes > Add
7. Create Request On https://my.appsec.rohde-schwarz.com/ To Retrieve The License. The Serial Number (Service
Tag) Of The Appliance Will Be Needed (It Can Be Found In Setup > Boxes > Licenses, Select A Box And Click View).
For More Details, See The Request and assign a WAF license24 Page
8. Upload License(S) In The Setup > Boxes > Licenses Panel
9. Perform An Apply Of All Configurations To Verify That All Boxes Are Responding Well
10. If any backup from 5.x or 6.x, you can restore them in the Management > Backups panel
11. Then perform an apply (with Cold Restart selected) on all the configurations
5 Update procedure
The following steps describe how to update the product from a version 6.5.X (inferior to the new version) by using the
RSE system.
System requirements: The cluster has to be in 6.5.0 version or upper. To update in the 6.5.0 version, see Release Notes
6.5.025.
Warning, an interruption of service will occurred. The selected Box will reboot.
If the update is done on a 6.5.0 version, WAF administrators and dashell user will have to update
their password on the first connection. We highly recommend to perform this step for each user.
Automatic snapshot
A snapshot of the configuration is automatically created before the upgrade.
1. Download The RSE File And The Administration Interface From Your Customer Area At: https://my.appsec.rohde-
schwarz.com/
2. Install The New Administration Interface And Connect To The Product (For More Details See The Installing the
Administration Interface26 Page)
3. Go To Management > Backups Panel And Backup All The Configurations Then Download The Backup File. In
Case Of A Virtualization Environment, You May Also Stop The Virtual Appliance And Create A Backup (Snapshot)
Of Your Appliances
4. Optional. Go To Management > Snapshots And Add A Manual Snapshot Corresponding To The Current Cluster
Configuration Then Download The Snapshot File
5. Go To Management > System Updates And Upload The RSE File
6. Select The Management Box And Click Install
The Management Box Must Be Updated First, Before Updating Managed Boxes
7. Read and confirm the readme
8. The installation process will automatically restart the Box and the user will be disconnected from the
administration interface
9. Wait for the Box to restart
21 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/
Initializing+the+Management+and+Managed+mode
22 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Installing+the+Administration+Interface
23 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Connection+certificates
24 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Request+and+assign+a+WAF+license
25 https://documentation.appsec.rohde-schwarz.com/display/WAF650EN/Release+Notes+6.5.0
26 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Installing+the+Administration+Interface
Appendix
16R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
10. (Only For Upgrades From R&S®Web Application Firewall 6.5.0) Reconnect On GUI And TUI Then Change The
Password To Match New Password Policy. It Is Recommended To Also Change The TUI Password For Dashell
User At This Time.
11. Repeat stages 5, 6, 7 and 8 for each managed Box, if any
12. Perform an Apply (with Cold Restart selected) on all the configurations
At the next connection after the update, it will be asked to temporary or permanently accept the certificate from the
Management appliance (for more details see the Connection certificates27 page)
6 Uninstall procedure
In order to roll-back to the previous installed version:
1. Go To Management > System Updates
2. Start by uninstalling Managed boxes. Select a managed Box and click Uninstall. The Box will reboot
automatically.
Warning, an interruption of service will occur. The selected Box will reboot.
3. Repeat Stage 2 For All Managed Boxes Of The Cluster.
4. Below 6.5.1 version: while uninstalling a Managed box to a version below 6.5.1, SSL certificates between
Management and Managed won't be recognized any more and you will have to use the functionality "Setup >
Global Settings > Disable SSL check peer" to allow to the synchronization of Managed box version on the
27 https://documentation.appsec.rohde-schwarz.com/display/WAF655EN/Connection+certificates
Appendix
17R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
Management box (this make take up to one minute).
5. Repeat stage 2 for the Management Box. You may have to refresh the System Updates View after uninstalling
managed boxes.
The uninstall process will automatically restart the Box and the user will be disconnected
from the administration interface
6. Wait for the Box to restart then log into the Management Box with the administration interface corresponding to
the version.
Appendix
18R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
7. Restore The Latest Snapshot Or Backup Corresponding To The Version.
Appendix
19R&S®Web Application Firewall 6.5.5 (EN) – Release Notes
8. Perform An Apply (With Cold Restart Selected) On All The Configurations
You can also restore previous snapshots in case of a virtualization environment.
Administration password
The new user password is still needed after uninstalling the RSE. The old password is set back only
after restoring the snapshot done before the upgrade and performing an Apply of the cluster.
Appendix
20About Rohde & Schwarz Cybersecurity
Rohde & Schwarz Cybersecurity is a leading IT security company that protects digital assets of companies and
public institutions around the world against cyberattacks. The IT security expert provides innovative data
protection solutions for cloud environments, advanced security for websites, web applications and web services
as well as network encryption, desktop and mobile security. To prevent cyberattacks proactively, the trusted
security solutions are developed according to the security-by-design approach.
About Rohde & Schwarz
Rohde & Schwarz is a leading supplier of solutions in the fields of test and measurement, broadcast and media,
aerospace | defense | security and networks and cybersecurity. The technology group's innovative
communications, information and security products help industry and government customers ensure a safer and
connected world. On June 30, 2019, Rohde & Schwarz had about 12,100 employees. The independent group
achieved a net revenue of EUR 2.14 billion in the 2018/2019 fiscal year (July to June). The company is
headquartered in Munich, Germany, and has subsidiaries in more than 70 countries, with regional hubs in Asia
and America.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co.KG.
Appendix
21Germany France
Rohde & Schwarz Cybersecurity GmbH Rohde & Schwarz Cybersecurity SAS
Mühldorfstraße 15 Parc Tertiaire de Meudon
81671 München 9-11 Rue Jeanne Braconnier
92366 Meudon
TEL: +49(0)30 65 884 – 222 TEL: +33 1 46 20 96 00
FAX: +49(0)30 65 884 – 223 FAX: +33 1 46 20 96 02
Contact: info-fr.cybersecurity@rohde-schwarz.com
https://www.rohde-schwarz.com/cybersecurity
Release Notes - Copyright 2020 by Rohde & Schwarz GmbH & Co. KG. All Rights Reserved.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG. Trade names are trademarks of the owners.You can also read
