Upgrade involves installing the new version of the software, booting into that new version, and making any other changes that might be required.

Use this process to upgrade BIG-IQ Security using a combination of the graphic user interface and the command line interface.

If the BIG-IQ system is in a high availability (HA), the upgrade includes:

1. Ending the HA configuration.
2. Individually upgrading each BIG-IQ system.
3. Re-established the HA configuration after the systems are upgraded.

1. Separate the HA configuration by removing the standby device from the device group.
   1. Log in to the active BIG-IQ device and at the top-right corner of the BIG-IQ Security screen, select System and Overview. The Localhost screen opens.
   2. On the left, click High Availability. The screen displays the configuration for the Peer device (the standby node).
   3. Click the Delete button at the top-right corner of the Localhost screen. A pop-up screen appears to confirm that you want to remove the standby device from the device group.
   4. Click the Remove button to confirm.
   5. Watch the HA-status indicator at the top-left corner of the screen. When the HA configuration is separated, the indicator changes from Active (Primary) to Standalone.
   The status indicator at the top-left of the screen now reports Standalone on both BIG-IQ devices.
2. Use a secure copy method to copy the image (ISO) to the /shared/images directory on both devices formerly in the HA configuration. You can use SCP, FTP, SFTP or any other means of securely transferring ISOs between hosts. scp <big-iq-iso-name> root@<big-iq-standby-node-url>:/shared/images/.

1. Separate the HA configuration by removing the standby device from the management group.
   1. Log in to the active BIG-IQ device, and from the BIG-IQ option list at upper left, select System.
   2. In the BIG-IQ Systems panel, expand Management Group.
   3. Select the standby device.
   4. Hover over the gear icon, click it and select Properties. The Localhost screen opens.
   5. In the expanded screen, click Remove.
   The status indicator at the top-left of the screen now reports Standalone on both BIG-IQ devices.
2. Use a secure copy method to copy the image (ISO) to the /shared/images directory on both devices formerly in the HA configuration. You can use SCP, FTP, SFTP or any other means of securely transferring ISOs between hosts. scp <big-iq-iso-name> root@<big-iq-standby-node-url>:/shared/images/.

1. This step applies to BIG-IQ devices running version 4.3 software; skip to step 2 if your devices are running version 4.4 software. For version 4.3, repeat these substeps on both devices to upgrade the image on each.
   1. Log in to the active BIG-IQ device and at the top-right corner of the screen, select System and Overview. The Localhost screen opens.
   2. Select Software Update from the ptions on the left. Information about the current software displays in the viewing area.
   3. From the Software Image list, select the image to use for the update. This is the image you downloaded.
   4. From the Install Location list, select the location to use for the update.
   5. For the Option setting, select both options.
   6. Click the Apply button in the lower-right corner of the panel. A pop-up screen prompts you to confirm that you want to reboot the device.
   7. Click the OK button in the pop-up screen. The BIG-IQ system loads the new software and reboots.
2. This step applies to devices running 4.4 software; skip this step if your devices are running version 4.3 software. For version 4.4, repeat these substeps on both devices to upgrade the image on each.
   1. On the BIG-IQ Systems panel, expand Management Group.
   2. Hover over the gear icon, then click it and select Properties.
   3. Click Software Update.
   4. Click Update.
   5. From the Software Image list, select the image to use for the update. This is the image you downloaded.
   6. From the Install Location list, select the location to use for the update.
   7. or the Options etting, click Reboot After Live Install.
3. For both devices, verify that the image is booted on the correct volume using the command tmsh show sys software.
4. From the BIG-IQ System, re-establish the HA redundant configuration. When re-establishing the HA configuration, the source device copies its common configuration data to the target device. The source device is the device where you start the process of re-instating the HA configuration. Select a source device whose configuration data is the most up-to-date.
   1. On the device you have selected to be the Primary/Active device, hover over the gear icon for the HA Peer Group.
   2. Click Add Device. The New Device screen opens.
   3. Enter the HA Communication Address of the peer device, and administrator credentials for the secondary BIG-IQ device.
   4. For Network Security configurations, select Active-Standby as the High Availability Mode.
   5. Click the Add button.
   6. Affirm the confirmation to start the re-instatement process.
5. Expand the HA Peer Group and monitor the status changes for the newly-added device.
   1. Monitor the status updates in the new device entry under the management group.
   2. Monitor the device/cluster status indicator at the top left of the screen.
   3. When the indicator changes to Active (Primary) the reinstatement of the redundant system configuration has completed successfully.
6. Visually examine the configuration of both devices to verify that they are synchronized.

1. Perform these steps on both devices.
   1. Upgrade the image (ISO) using the command: tmsh install sys software image big-iq-iso-image-name volume volume-name If installing a hotfix, in the previous example replace the keyword image with the keyword hotfix Also, when installing a hotfix, both the hotfix and the base version must be in the same directory.
   2. Monitor the progress of the upgrade using the command tmsh show sys software.
   3. Change the boot partition/volume using the switchboot command. It is critical that you include the switch -b in the following command. switchboot -b volume-name
   4. Reboot using the command reboot.
2. From the BIG-IQ System, re-establish the HA redundant configuration. When re-establishing the HA configuration, the source device copies its common configuration data to the target device. The source device is the device where you start the process of re-instating the HA configuration. Select a source device whose configuration data is the most up-to-date.
   1. On the device you have selected to be the Primary/Active device, hover over the gear icon for the HA Peer Group.
   2. Click Add Device. The New Device screen opens.
   3. Enter the HA Communication Address of the peer device, and administrator credentials for the secondary BIG-IQ device.
   4. For Network Security configurations, select Active-Standby as the High Availability Mode.
   5. Click the Add button.
   6. Affirm the confirmation to start the re-instatement process.
3. Expand the HA Peer Group and monitor the status changes for the newly-added device.
   1. Monitor the status updates in the new device entry under the management group.
   2. Monitor the device/cluster status indicator at the top left of the screen.
   3. When the indicator changes to Active (Primary) the reinstatement of the redundant system configuration has completed successfully.
4. Visually examine the configuration of both devices to verify that they are synchronized.