Upgrading a CEQURUX Firewall or VPN Gateway to version 4.1.16
=============================================================

This document describes how to upgrade a CEQURUX Firewall or VPN Gateway
from version 4.1.x to version 4.1.16

The procedure described here will probably also work for upgrading
from version 4.0.x to version 4.1.16, but a complete installation
from CD-ROM is recommended.

Upgrading from Citadel Firewall/VPN version 3.x or older requires a
complete installation from CD-ROM, and is not covered here.

Upgrading from version 4.1.x to version 4.1.16
----------------------------------------------

  * Files needed for upgrade

    You will need the following file:

        upgrade-4.1.16.tgz

    In addition, you will probably want to read the change list:

        CHANGES-4.1.16.TXT

    The following file is necessary only if you use the "squid" web
    proxy, and you wish to upgrade it, and the squid-2.4.cequrux4.1.7
    package is not already installed (say as part of a previous firewall
    upgrade).  You can use the "pkg_info -a" command to check what
    version of squid is installed on your firewall.  It's normal for the
    last few digits of the squid version number to be different from the
    firewall version number.

        squid-2.4.cequrux4.1.7.tgz

    If you have these files on CD-ROM, then go to the step labeled
    "Mounting files from CD-ROM".  Otherwise, you will have to FTP the
    files, so go to the step labeled "Fetching files via FTP".

* Mounting files from CD-ROM

    If you have the necessary upgrade files on CD-ROM, then login as
    root on the firewall, insert the CD-ROM into the drive, and issue
    the command

        # mount /cdrom

    from the shell prompt.  The files should now be accessible in the
    /cdrom directory.

    Now go to the step labeled "Upgrading once all files are available".

  * Fetching files via FTP

    If you need to fetch the upgrade files via FTP, follow this
    procedure:

      + Using binary mode FTP, fetch all the necessary files from
        ftp://ftp.za.cequrux.com/pub/CEQURUX/4.1.16/ to a machine inside
        your firewall.  The complete URLs for the files are:

            ftp://files.za.cequrux.com/CEQURUX/4.1.16/CHANGES-4.1.16.TXT
            ftp://files.za.cequrux.com/CEQURUX/4.1.16/upgrade-4.1.16.tgz
            ftp://files.za.cequrux.com/CEQURUX/4.1.16/squid-2.4.cequrux4.1.7.tgz

      + Then FTP the files from the machine you used in the above step
        to a suitable directory on your firewall.  The /pub/incoming
        directory is usually convenient.  Remember to use binary mode
        FTP.

    After you have FTPd all the files onto your firewall, go to the step
    labeled "Upgrading once all files are available".

  * Upgrading once all files are available

    Once you have all the necessary files on your firewall (either
    because you mounted them from a CD-ROM or because you copied them
    via FTP), you can begin the upgrade process.

    During the upgrade process, many of the firewall's functions
    will not work, and at the end of the process the firewall will
    be rebooted.  Please choose a time when users will not be unduly
    inconvenienced by loss of access to the firewall.

      + Login as root on the firewall.  Ensure that other people do not
        try to login as root or change the firewall configuration while
        you are busy with the upgrade.

      + Change to the directory where the files are.

        If you are upgrading with files on a CD-ROM, then issue the
        following command:

            # cd /cdrom

        If you FTPd the files to the /pub/incoming directory, then issue
        The following command:

            # cd /pub/incoming

      + Run the upgrade command:

            # upgrade upgrade-4.1.16.tgz

        You will be prompted to select a kernel, and you will have to
        type the name of the kernel that you choose.  If you need a kernel
        with a fixed idea of the amount of memory your firewall has,
        then select the kernel with the appropriate memory size.  In
        most cases, you should select kernel.generic, which uses the
        BIOS to determine how much memory is available.

        Finally, you will be prompted to reboot.  A reboot is necessary
        to start using the new kernel.

    You have now finished the upgrade.  Go to the step labeled "Cleanup
    after upgrade via CD-ROM" or "Cleanup after upgrade via FTP".

  * Cleanup after upgrade via CD-ROM

    If you upgraded using files on a CD-ROM, then when the firewall
    reboots at the end of the upgrade, simply remove the CD-ROM from the
    drive.

    If you decided not to reboot, then issue the command

        # umount /cdrom

    to unmount the CD-ROM before you remove it from the drive.

  * Cleanup after upgrade via FTP

    If you upgraded using files that you copied via FTP, then you may
    delete the files from the /pub/incoming directory after the upgrade.
    You may also want to delete the files from the machine inside your
    firewall that you used during the FTP process.