SiteMinder Upgrade for vulnerability

Article ID: 204137

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

Please pass to Australia Support Timezone

It mentioned that I can upgrade the Access Gateway to 12.8 to resolve the OpenSSL and Apache vulnerability?

Can I download the below 12.8 SP04 Access Gateway

SS13400

SSO Access Gateway r12.8 SP04

to fix the OpenSSL and Apache vulnerability, instead of using the 2 x packages provided by case 32328995?

And for the upgrade:

Currently, we have two Policy Servers and 2 x SPS in failover mode.

Is the following approach OK for doing the upgrade without downtime?


  1. Stop Policy Server 02
  2. Upgrade Policy Server 02
  3. Reboot Policy Server 02
  4. Stop Policy Server 01
  5. Upgrade Policy Server 01
  6. Reboot Policy Server 01
  7. Stop SPS 01
  8. Upgrade SPS 01 and reboot
  9. Stop SPS 02
  10. Upgrade SPS 02 and reboot

  Please also share the upgrade documents for SiteMinder Policy and SPS.

  Thanks so much.

Environment

Release : 12.8

Component : SITEMINDER - WEB AGENT FOR APACHE

Resolution

What you suggest for upgrading the policy server is actually what we recommend:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade.html

The Policy Server should always be at the same version as, or a higher version than, the Access Gateway you want to use with it.

Once you have upgraded the policy servers you can upgrade the access gateways one at a time:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-ca-access-gateway.html

So, your plan is a good one.
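
The upgrade order discussed above can be dry-run before the change window. The following Python script is an added example, not Broadcom or SiteMinder code: it replays the ticket's steps (with "reboot" modelled as a start) and checks that each tier keeps one node running and that no running Access Gateway is newer than a running Policy Server. The starting version, the node names and the `check_plan` helper are assumptions made for illustration.

```python
# Added example: dry-run check of a rolling upgrade plan (not vendor code).
# Versions are (major, minor, service pack) tuples. NEW is the 12.8 SP04
# target from the ticket; OLD is a constructed placeholder starting version.
OLD, NEW = (12, 8, 3), (12, 8, 4)

PLAN = [  # (action, node) pairs expanding steps 1-10 of the ticket
    ("stop", "PS02"), ("upgrade", "PS02"), ("start", "PS02"),
    ("stop", "PS01"), ("upgrade", "PS01"), ("start", "PS01"),
    ("stop", "SPS01"), ("upgrade", "SPS01"), ("start", "SPS01"),
    ("stop", "SPS02"), ("upgrade", "SPS02"), ("start", "SPS02"),
]

def tier(node):
    """Hypothetical naming rule: SPS* nodes are gateways, the rest Policy Servers."""
    return "gateway" if node.startswith("SPS") else "policy"

def check_plan(plan, nodes=("PS01", "PS02", "SPS01", "SPS02"), old=OLD, new=NEW):
    """Replay the plan; return a list of violations (empty means it passes)."""
    version = {n: old for n in nodes}
    up = {n: True for n in nodes}
    problems = []
    for step, (action, node) in enumerate(plan, start=1):
        if action == "stop":
            up[node] = False
        elif action == "start":
            up[node] = True
        elif action == "upgrade":
            if up[node]:
                problems.append(f"step {step}: {node} upgraded while running")
            version[node] = new
        # Invariant 1: each tier keeps at least one running node (no downtime).
        for t in ("policy", "gateway"):
            if not any(up[n] for n in nodes if tier(n) == t):
                problems.append(f"step {step}: no {t} node running")
        # Invariant 2: no running gateway is newer than a running Policy Server.
        ps = [version[n] for n in nodes if tier(n) == "policy" and up[n]]
        gw = [version[n] for n in nodes if tier(n) == "gateway" and up[n]]
        if ps and gw and max(gw) > min(ps):
            problems.append(f"step {step}: gateway newer than a Policy Server")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan passes both checks")
```

Step numbers in the reported violations refer to positions in the `PLAN` list, not to the ten numbered steps in the ticket.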