Upgrading Kaspersky Secure Mail Gateway to version 2.0 MR1
When you upgrade to version 2.0 MR1, you lose all manual changes of configuration file templates in the /opt/kaspersky/ksmg-appliance-addon/share/templates/ and /opt/kaspersky/ksmg/share/templates/core_settings directories, including changes made to implement Technical Support recommendations. You must edit the files to make these changes again after the upgrade.
This functionality is available if the user has the Edit settings permission to upgrade the program on the Control node and Edit settings and Create/edit/delete nodes permissions to upgrade the program on the Secondary node.
Upgrading Kaspersky Secure Mail Gateway to version 2.0 MR1 involves the following steps:
Downloading the ZIP archive with upgrade packages from the Kaspersky website and extracting the archive on your computer
Installing the preliminary upgrade package
Installing the main upgrade package
The upgrade steps must be completed on each node of the cluster.
Minimum free disk space requirements for partitions on the node:
/tmp – 1536 MB (1.5 GB).
/var – 4 GB.
/var/log – 200 MB.
/ – 1 GB.
After Kaspersky Secure Mail Gateway is successfully upgraded to version 2.0 MR1, the following changes will take place on the nodes:
The web interface of the node is upgraded, the product version is changed.
The link to Kaspersky Secure Mail Gateway Online Help is upgraded to version 2.0 MR1.
New program settings are added on the Control node in all localization languages.
The previously added license key is applied.
The number of entries in personal allow and denylists of addresses is reduced to 500 if it previously exceeded that number. Regular expressions used in addresses in personal lists will stop working.
The /etc/nginx/conf.d/ksmg_controlapi.conf configuration file is upgraded.
The less secure encryption algorithms of the SSH will be disabled. You may need to upgrade the information about the host key in the SSH client.
The following data are kept:
Messages in Backup
Email traffic processing events
Data in the Dashboard section
System log files available in Technical Support Mode
Messages in Quarantine
Messages in the MTA queue
Web interface certificate
МТА certificates for TLS encryption
DKIM keys
SSH keys
Local administrator password
KATA certificates
The following data are removed:
Application events
Database upgrades
LDAP cache data
LDAP integrations with repeating search bases
KSN cache data
SIEM integration settings
To avoid data loss, please do the following:
Manually upgrade databases every time you install upgrade packages on a node.
If necessary, configure the publishing of application events to the SIEM system from scratch.
If necessary, recreate the settings of the program that require changes in Kaspersky Secure Mail Gateway configuration file templates.
Copying configuration file templates from Kaspersky Secure Mail Gateway 2.0 is not recommended.
If necessary, you can find information about application events in system logs available in Technical Support Mode.