- Kaspersky Secure Mail Gateway
- The Kaspersky Secure Mail Gateway interface
- Application licensing
- About the End User License Agreement
- About the license certificate
- About the key
- About the key file
- About the activation code
- About the subscription
- About data provision
- Modes of Kaspersky Secure Mail Gateway operation under license
- Adding an activation code
- Adding a key file
- Removing a key
- Monitoring license key status
- Configuring warnings about upcoming license key expiration
- Purchasing a license
- Renewing a license
- Updating Kaspersky Secure Mail Gateway
- Application installation and setup
- Deploying a virtual machine in the management console of the VMware ESXi hypervisor
- Deploying a virtual machine in the web interface of VMware vSphere
- Deploying a virtual machine in the management console of the Microsoft Hyper-V Manager hypervisor
- Deploying a virtual machine using Microsoft SCVMM
- Application installation and setup
- Removing the application
- Preparing for removing the application
- Deleting a virtual machine in the management console of the VMware ESXi hypervisor
- Deleting a virtual machine in the web interface of VMware vSphere
- Deleting a virtual machine in the management console of the Microsoft Hyper-V hypervisor
- Deleting a virtual machine using Microsoft SCVMM
- Getting started with the application
- Integrating Kaspersky Secure Mail Gateway into the existing corporate email infrastructure
- Monitoring of application operation
- Using message processing rules
- Viewing the rule table
- Configuring rule table display
- Message processing rule configuration scenario
- Creating message processing rules
- Configuring Anti-Virus protection
- Configuring link scanning
- Configuring Anti-Spam protection
- Configuring Anti-Phishing protection
- Configuring Content Filtering
- Mail Sender Authentication
- Notification settings for message scan events
- Adding a Warning about insecure message
- Adding email disclaimers
- Configuring KATA protection
- Examples of message processing rule configuration
- Viewing rule information
- Enabling and disabling a message processing rule
- Changing rule settings
- Deleting message processing rules
- Allowlists and denylists
- Managing the cluster
- Creating a new cluster
- Viewing the cluster node table
- Configuring the display of the cluster node table
- Viewing information about a cluster node
- Adding a node to the cluster
- Modifying node settings
- Removing a node from a cluster
- Changing the role of a node in a cluster
- Deleting the cluster
- Restarting a cluster node
- Managing the SSL certificate of the cluster node
- Checking data integrity
- Modifying the network settings of a cluster node
- Managing roles and user accounts
- Backup
- Configuring Backup settings
- Configuring personal Backup
- Viewing the table of objects in Backup
- Configuring the display of the table of objects in Backup
- Filtering and finding messages in Backup
- Viewing information about a message in Backup
- Delivering a message from Backup
- Downloading a message from Backup
- Deleting a message from Backup
- Backup digest
- Event log
- Viewing the event log
- Configuring event table display
- Filtering email traffic processing events
- Filtering application events
- Viewing information about email traffic processing events
- Viewing information about an application event
- Application event types
- Exporting the event log
- Configuring the event log
- Message queue
- Reports
- General protection settings
- About computer protection against certain legitimate applications
- Configuring the Anti-Virus module
- Configuring link scanning
- Configuring the Anti-Spam module
- Configuring the Anti-Phishing module
- Configuring Content Filtering
- Configuring external services
- Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages
- Configuring date and time
- Configuring the proxy server connection settings
- Updating Kaspersky Secure Mail Gateway
- Database update for Kaspersky Secure Mail Gateway
- Exporting and importing settings
- Participating in Kaspersky Security Network and using Kaspersky Private Security Network
- Integration with an external directory service
- KATA protection
- Integration with a single KATA server
- Integration with multiple servers of the KATA cluster
- Creating a configuration file for the built-in balancer
- Configuring and running the built-in balancer on a cluster node
- Adding a KATA server
- Configuring KATA protection settings
- KATA integration dashboard
- Adding, modifying, and deleting IP addresses of KATA servers
- Disabling KATA integration
- Managing the application over SNMP
- Configuring the snmpd service in the operating system
- Enabling and disabling the use of the SNMP protocol in Kaspersky Secure Mail Gateway
- Configuring SNMP server connection settings
- Enabling and disabling forwarding of SNMP traps
- Configuring encryption of SNMP connections
- Description of MIB objects of Kaspersky Secure Mail Gateway
- Exporting MIB objects
- Email notifications for Kaspersky Secure Mail Gateway
- Configuring notifications about application events
- Configuring notifications about bounce messages
- Configuring notifications about message processing rules triggering
- Configuring notification templates
- Using macros in notification templates
- Adding a unique message ID to the notification
- Configuring the address for messages sent by the application
- Authentication using the single sign-on technology
- Connecting to cluster nodes over the SSH protocol
- Editing MTA settings
- DKIM signature for outgoing messages
- Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway
- Domains and configuration of email routing
- Publishing application events to a SIEM system
- Contacting Technical Support
- Glossary
- Advanced persistent threat (APT)
- Anti-Phishing
- Anti-Spam
- Anti-Spam Quarantine
- Anti-Virus
- Backup
- Backup digest
- BEC attack
- Certificate fingerprint
- Cluster
- Content Filtering
- Control node
- Directory service
- DKIM Mail Sender Authentication
- DMARC Mail Sender Authentication
- Email notification
- Heuristic analysis
- Kaspersky Anti Targeted Attack Platform
- Kaspersky Private Security Network
- Kaspersky Security Network (KSN)
- Kerberos authentication
- Key file
- Keytab file
- LDAP
- Malicious links
- Moebius service
- MTA
- NTLM authentication
- Phishing
- PTR record
- Reputation filtering
- SCL rating
- Secondary node
- Service Principal Name (SPN)
- SIEM system
- SMTP verification
- SNMP agent
- SNMP trap
- Spam
- SPF Mail Sender Authentication
- Spoofing
- TLS encryption
- Update source
- Virtual machine
- Information about third-party code
- Trademark notices
Updating Kaspersky Secure Mail Gateway > Upgrading Kaspersky Secure Mail Gateway to version 2.0 MR1 > Updating the cluster to Kaspersky Secure Mail Gateway 2.0 MR1
Updating the cluster to Kaspersky Secure Mail Gateway 2.0 MR1
Updating the cluster to Kaspersky Secure Mail Gateway 2.0 MR1
Before updating Kaspersky Secure Mail Gateway, we strongly recommend you create a backup copy of Kaspersky Secure Mail Gateway virtual machines (a snapshot of the virtual machine in the hypervisor) of all cluster nodes. This will let you go back to the previous version of Kaspersky Secure Mail Gateway if the installation of the new version fails.
Before installing updates using the Kaspersky Secure Mail Gateway web interface, you must download the ZIP archive with upgrade packages from the Kaspersky website or a partner company website and extract the KTGZ update files from the archive.
This sequence of steps lets you keep processing the traffic of the organization during the update process.
To update the program to version 2.0 MR1 in a cluster containing multiple nodes:
- In the web interface of the Control node, go to the Nodes section and make sure that all cluster nodes are available and do not have errors.
If there is no access to the cluster node, or if errors are encountered on the node, resolve the problems before you start the update process.
- Install upgrade packages on one of the Secondary nodes.
After installing the preliminary upgrade package, the node remains accessible to other cluster nodes.
After installing the main upgrade package, the node becomes inaccessible to other cluster nodes. In the web interface of this node, you need to assign it the role of the new Control node.
To update Kaspersky Secure Mail Gateway to version 2.0 MR1 on the first of the cluster nodes being updated:
- In the web interface of the Control node, go to the Message queue section, select the node for which you want to install the update, and disable the reception of messages on that node.
- In the table of messages in the queue, filter the messages by node then wait until messages from all queues are sent.
- In the web interface of the node being updated, click Install patch and install the preliminary upgrade package (ksmg_upgrade_2.0.0.6478_2.0.1.6960_step1.ktgz).
- If necessary, log in to the web interface of the node.
- Reload the page of the web interface by pressing F5 or clicking the Refresh button in your browser.
- In the web interface of the node being updated, click Install patch and install the main upgrade package (ksmg_upgrade_2.0.0.6478_2.0.1.6960_step2.ktgz).
- Wait until the operating system restarts, then reload the page of the web interface by pressing F5 or clicking the Refresh button in your browser.
- In the web interface of the updated node, click Change role to Control node.
- In the web interface of the new Control node:
- Update the databases.
- If a connection with the LDAP server was configured, update the LDAP cache.
If a LDAP server connection was not configured, synchronize with an Active Directory domain controller.
- In the application web interface window, select the Settings → External services → LDAP server connections section.
- Select the Synchronization settings tab.
- In the Schedule drop-down list, select Manually.
- Click Save.
- Click Synchronize now.
- Turn on the reception and transmission of messages on all cluster nodes and click Apply.
- Turn off the reception of messages on all cluster nodes and click Apply.
- Turn on the reception of messages only on the updated node.
- To check if the messages can pass through the node, send a test message through the node and confirm if it was delivered to the recipient.
As a result, Kaspersky Secure Mail Gateway is updated to version 2.0 MR1 on the cluster node.
- Install upgrade packages on each of the remaining Secondary nodes.
After the update, each Secondary Node will be accessible to the new Control Node and inaccessible to the old Control Node.
- Install upgrade packages on the old Control node.
Before installing the update, you must assign the Secondary node role to it in the web interface of this node.
To update Kaspersky Secure Mail Gateway to version 2.0 MR1 on the old Control node of the cluster:
- In the web interface of the old Control node, go to the Message queue section and turn off the reception of messages.
- Wait until messages from all queues are sent.
- Go to the Nodes section and assign the Secondary node role to the node.
- In the web-interface of the node, install the preliminary upgrade package (ksmg_upgrade_2.0.0.6478_2.0.1.6960_step1.ktgz).
- Wait until the operating system restarts.
If necessary, log in to the web interface of the node.
- In the web-interface of the node, install the main upgrade package (ksmg_upgrade_2.0.0.6478_2.0.1.6960_step2.ktgz).
- Wait until the operating system restarts, then reload the page of the web interface by pressing F5 or clicking the Refresh button in your browser.
- In the web interface of the new Control node:
- Update the databases.
- If a connection with the LDAP server was configured, update the LDAP cache.
If a LDAP server connection was not configured, synchronize with an Active Directory domain controller.
- In the application web interface window, select the Settings → External services → LDAP server connections section.
- Select the Synchronization settings tab.
- In the Schedule drop-down list, select Manually.
- Click Save.
- Click Synchronize now.
- Turn on the reception of messages on the node with the updated program.
- To check if the messages can pass through the node, send a test message through the node and confirm if it was delivered to the recipient.
As a result, Kaspersky Secure Mail Gateway is updated to version 2.0 MR1 on the cluster node.
As a result, all cluster nodes are updated to Kaspersky Secure Mail Gateway version 2.0 MR1 and are accessible from the new Control node.
If necessary, give back the Control node role to the node that previously was the Control node.
Article ID: 239458, Last review: Jan 24, 2025