Reinitializing the drives on a multi-disk ProxySG is relatively easy and problem free. This process can be done during production hours without causing any downtime to the users. However, unless it is absolutely necessary, it is best to perform a reinitialize operation during low traffic or off hours. The first four steps below are strictly precautionary backup operations.
Note: You can skip steps 1-4 if you have a Symantec Director device. Instead you can simply use Director to save a profile of the SG.
- Backup the "configuration-passwords-key" keyring. For full details, please see KB article 000012716.
- Backup other non-default SSL keys. For full details, see KB article 000012716.
- Copy the content filter database key.
- In the Sysinfo, search for "Content Filter Status" section.
- Save the "Download License key" to a safe, but easily accessible location.
- Backup the system configuration.
- Go into the Management Console > Configuration tab > General > Archive > View Current Configuration (the top section of this page).
- Select "Configuration - expanded setup"
- Click "View" (brings up the config in a new browser window)
- Save using your web browser's "Save" function.
- Reinitialize the disks (a two disk ProxySG system is used as our example system)
- Symantec uses the "slot number" as a reference when reinitializing disks. Start with slot 1 and work up through all the slots (slot 2, then slot 3, through slot N, where N equals the number of disk slots that contain hard drives). Be sure to look over the "Sysinfo" file to review what the actual slot numbers are.
- Look under "Hardware Information" in the sysinfo.
- Launch into the command line interface (CLI). You can SSH or serial into the CLI.
- Go into enable mode.
- From the CLI, type the following command:
- disk reinitialize 1
- Wait until it finishes
- Check the event log for disk related errors and save as the "reinit-1.log" file. To access the event log, go to https://<proxy.ip.address>:8082/eventlog/fetch=0xffffffff . Save the log file using the browser's save function.
- disk reinitialize 2
- Wait until it finishes
- Check the event log for disk related errors and save as the "reinit-2.log" file. To access the event log, go to https://<proxy.ip.address>:8082/eventlog/fetch=0xffffffff . Save the log file using the browser's save function.
- (Optional): If you have a service request open and a technical support engineer is working with you, you can upload the event logs to https://support.symantec.com/ .
- Once the last hard drive has been reinitialized, you should be good to go.
In the event the configuration is lost during a reinitialize, please do the following:
- Run through the initial setup via the CLI.
- Restore the "configuration-password-key" keyring. For full details, please see KB article 000012716.
- Restore the other SSL keys.
- Download your content filtering database using the download license key.
- Restore the system configuration
- Launch the Management Console
- Go to the Configuration tab > General > Archive > Install Configuration from:
- Select "Local File".
- Click "Install"
- Browse to where you saved the system configuration file.
- Select and click "Open" and this initiates the install.
- Wait and when it is finished it will tell you that it was successful.
Expect error messages when restoring an expanded configuration file
NOTE: An expanded configuration file contains all the encrypted passwords and network settings. These passwords are encrypted with the default "configuration-password-key". Once the ProxySG has been reinitialized that key is lost and a new one is created. If you do not restore the "configuration-passwords-key" before restoring the configuration file, then when the ProxySG imports the configuration file, it will attempt to decrypt those passwords using the new key and it will fail. That is expected. These passwords can be reset manually via the Management Console. Also the ProxySG will try to apply the network settings found in the file. However, during the setup process some network settings are already "set". So the ProxySG will print an error message letting us know that its already there. There may be other messages printed among the messages that actually have a result of "ok". It is important to carefully go through the error messages to determine if there is anything listed there that may be a valid concern.