How to upgrade from a mixed OPSWAT v3/v4 EPC setup to a current OPSWAT v4 only EPC setup?

03/25/2021 3 546

DESCRIPTION:

OPSWAT v3 (v3) is deprecated and no longer supported. The Latest Advanced End Point Control update does not support v3 Device Profiles. The Latest Advanced EPC update can not be applied to an SMA where v3 profiles exist. 

A 12.1 appliance can be upgraded to 12.4.  Also, a 12.1 configuration can be imported into a 12.4 appliance.

A configuration with v3 EPC device profiles can not be cleanly imported into a 12.4 appliance. A 12.1 appliance with v3 profiles can not be upgraded to 12.4.  If you proceed with the configuration import or upgrade the v3 profiles are deleted. Once there are no v3 profiles, the upgrade or import works as expected.  Deleting these profiles under these situations makes recreating them problematic. 

Many customers have an environment where all of their EPC Device profiles are v3 or they have a mix of v3 and v4 profiles.

Preparing for the upgrade, by replacing v3 profiles with v4 profiles, allows the upgrades or import to be done cleanly

This KB explains the process to do that conversion and upgrade to a completely OPSWAT v4 setup and load the Latest Advanced EPC update.  

RESOLUTION:

The primary practical difference between OPSWAT v3 (v3) and OPSDWAT v4 (v4) profiles are related to the AntiVirus and Antispyware options in v3 are replaced by a single category, Antimalware, in v4 profiles.  This matches the practice in the industry. As vendors of these products migrated their products to the Antimalware model, this was a necessary change in OPSWAT.  

The SMA marks v3 profiles with a yellow warning triangle and error message on the Device Profiles screen. 

To clean out in-use v3 profiles it is necessary to create a v4 profile to replicate as well as possible the same EPC test as the v3 profile.  In some cases it is not possible to completely replicate the old obsolete profile with the newer options in v4. But a close approximation is possible. It is important to test the new v4 profile with a typical user device before rolling the change out to all users. 

Note the v4 profile has no warning and used the Antimalware attribute. 

To proceed the v3 profile is removed from the EPC Zone and the v4 profile is added to the Zone.  

Save and apply pending changes. 

Once the v3 profiles are not in-use with any EPC Zone, the v3 profiles can be deleted.  

The old EPC update supported both v3 and v4 Device Profiles.  

With all v3 profiles removed, the upgrade can proceed.  

The current EPC updates are v4 only.