Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Symptoms 

Your organization has a tight security policy that mandates a firewall which blocks any external traffic, including that from your SoftNAS, and/or Fuusion, deployments to/from the outer world. This is preventing receipt of necessary updates.   

Purpose 

The purpose of this document is to outline the steps required to maintain access to the required IPs for SoftNAS, or Fuusion, updates without compromising the tight security requirements of organizational policy. More details on our latest releases for SoftNAS can be found in the SoftNAS Release Notes and for Fuusion can be found in the /wiki/spaces/TEST/pages/91848965

Note:Buurst recommends a reboot of your system be performed prior to performing a system upgrade. This ensures that the upgrade is performed on a stable system.  

Note: In addition to this KB; If you are upgrading a HA pair please refer to the link here /wiki/spaces/SD/pages/92999399

 
Warning: If putting only one node into maintenance mode, synchronization need not occur. If both HA nodes need to be placed into maintenance, a forced synchronization will need to occur. 

Resolution 

Our goal here, as mentioned, is to translate the mirroring system to a fixed URL or set of URLs that we can use when configuring any firewall. If you have already installed SoftNAS, or Fuusion, in a secure VPC and are unable to open HTTP traffic to the outside world to proceed with the following steps 

  1. Please whitelist port 443 for the following domains/IP addresses: 

    # softnas.com IP: 54.88.117.35/32  
    # mirror.softnas.com IP: 52.86.152.91/32  
     
    Please note that the IP addresses might change over time. For example, the previous version of this document had a different IP address for mirror.softnas.com.  At the same time, we are committed to using the same domain names softnas.com and mirror.softnas.com and as such whitelisting of the domain names instead of IP addresses is preferable. 
     
    Only outgoing access to the above domain names/IP addresses to port 443 is required. For example, to allow access on a level of AWS and/or Azure Network Security Group, only 2 outgoing ALLOW rules are required, while no new inbound rules are required. 

  2. Next, you can test the above changes by running the commands below and if your firewall is properly configured you should be able to get some feedback as the screenshot below: 
     
    # curl -khttps://softnas.com/  
    # curl -k https://mirror.softnas.com/



  3. If step 2 was successful, please head over to Storage Center → Settings Software updates to begin the upgrade process. If not please check your firewall and network traffic and try step 2 again. 

 

  • No labels