In some cases, if the 'show security trust-package' CLI command shows a trust package created after Monday, October 22nd 2018 20:41:47 UTC, this issue may not occur and the ProxySG can be upgraded directly to a later SGOS release without following these steps.
Release: pre SGOS 6.7.4.3
The solution is to set the clock back to a date before Jan 11, 2020, so that the ProxySG treats the certificate as still valid, and then upgrade to SGOS 6.7.4.3. Once the box is at 6.7.4.3, it can be upgraded to its final target release. After upgrading successfully, restore the clock to the correct date and time.
Instructions from the GUI:
To set the clock back a year:
To upgrade the ProxySG from a local file:
To upgrade the ProxySG from a URL:
Because the clock is set back, TLS connections will fail, so any URL must use HTTP, not HTTPS. There are still some situations in which upgrading by URL will not work; if the following does not work for you, upgrade via local file instead.
Once the box is back up, follow the same process for the version of SGOS you are upgrading to. Once you are on your final version, follow the instructions on changing the clock to put the date back, and re-enable NTP if it was configured.
Instructions from the CLI:
To set the clock back a year:
To upgrade the ProxySG from a URL:
Because the clock is set back, TLS connections will fail, so any URL must use HTTP, not HTTPS. There are still some situations in which upgrading by URL will not work; if the following does not work for you, upgrade via local file in the GUI instead.
From the command line:
Below is some sample output of what the upgrade should look like. In this example, the date was changed to Jan 10th instead of changing the year to 2019.
Once the box is back up, follow the same process for the version of SGOS you are upgrading to. Once you are on your final version, follow the instructions on changing the clock to put the date back, and re-enable NTP if it was configured.