We have 2 proxy appliances running SGOS 6.7.5.12 and are migrating to 2 virtual proxies running SGOS 7.3.13.3. We also have 2 CAS units that the existing 6.7.5.12 proxies send Content Analysis streams to. In order to migrate the existing appliance configs/polices to the new 7.3.13.3 units we are planning to upgrade the appliances to 7.3.13.3 BEFORE we migrate the config/policies as we have been told this is the best approach (please correct me if I am wrong).
The 7.3.x admin guide says:
In previous versions of SGOS, you could configure the appliance to work in conjunction with an external content scanning service-either Symantec Content Analysis or another ICAP service-to implement a built-in Malware Scanning policy. Starting with SGOS 7.x, that functionality is replaced by the Content Security Policy.
What will happen to our CAS config? According to the docs the new Content and Access policy layers are disabled by default and you need to use the VPM to enable. We don't use the VPM (prefer the legacy java console).
I have read the upgrade/downgrade and release notes for 7.3 and did not see any other 'gotchas'. Is there anything else we should be conscious of prior to and after the upgrade? We usually push policy via the Legacy java console after a SGOS upgrade. If the NEW Access and Content Security policy layers are disabled by default should we not expect to see any errors?
Lastly, is rollback fairly straight forward? ie: tell the Proxy to use the old OS and reboot? Or is there something done to the old policy where the previous version won't recognize it?