CA API Gateway 10.X and 11 Patching Guide


Article ID: 240851


Products

CA API Gateway

Issue/Introduction

This document is intended for customers who have already upgraded their Gateway to version 10.0, 10.1 or 11.0. The purpose of this document is to demystify patching within the Gateway 10.0, 10.1 or 11.0 space. If you are looking for assistance upgrading from Gateway 8.x or 9.x, please see our formal upgrade documentation here.

If you are on Gateway 10.0 and need assistance upgrading to Gateway 10.1 please see the Standard Upgrade Procedure for Gateway 10.1 as well as our supplemental 10.1 upgrade Knowledge Base Article here

If you are on 10.x and are looking for information upgrading to Gateway 11.0 please see this area of the documentation: Gateway 11.0 Install, Configure and Upgrade

It is HIGHLY recommended that you review this FAQ, including the Additional Information section, before proceeding with any patching activity.

Note the Color Coding for each section to provide an easier reading experience.

This Document will cover:

  • Gateway 10.0 Cumulative Release (CR) Patching
  • Gateway 10.1 Cumulative Release (CR) Patching
  • Gateway 11.0 Cumulative Release (CR) Patching
  • Monthly Platform Patching (for Gateway Appliances and Gateway Docker deployments)
  • Additional information and troubleshooting patching 

Environment

Release : 10.0 and 10.1 and 11.0

Component : API Gateway

Resolution

CAUTION! There is no way to uninstall Cumulative Release patches or Monthly Platform Patches once they are applied to your Gateway so ensure that you do a VMware Snapshot of your Gateway(s) BEFORE doing any patch activity so that you can revert if necessary.

What are the versions of API Gateway?

These are the current versions of the API Gateway:  10.0 and 10.1 and 11.0

Please navigate to the color-coded section for the Gateway version you are interested in patching with a CR (Cumulative Release Patch).  

Gateway 10.0 FAQs are highlighted in Purple

Gateway 10.1 FAQs are highlighted in Orange

Gateway 11.0 FAQs are highlighted in Yellow

Gateway 10.0 Cumulative Release (CR) Patching

What is a Cumulative Release Patch?

Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality and updated Java versions.

I am running Gateway 10.0 what Cumulative Release (CR) patches are available?

Currently Gateway version 10.0 has Cumulative Release Patch CR05, which includes all of the patches from CR01 through CR04. To see the full list of Cumulative Release Patch related info please see the Release Notes for Gateway 10.0.

Can I apply CR05 for Gateway 10.0 to my 10.1 Gateway?

No.  There are separate Cumulative release Patches for Gateway 10.0 and 10.1.  Both will be covered in this FAQ

Do I need to apply Cumulative Release patches CR01 through CR04 to my Gateway 10.0 in order to apply the latest CR05?

No.  Cumulative Release Patches (CRs) are cumulative and you need only apply the latest CR to your Gateway.

Where can I get the Gateway 10.0 CR05 Patch?

You can find Gateway 10.0 CR05 Patch on our Solutions and Patches Page. This patch zip file is called: Layer7_API_Gateway_v10.0.00-CR05.zip

After downloading this file please Unzip it to see the contents.

What are the files I see in the Gateway 10.0 CR05 zip file and what do I do with them?

When you unzip the Cumulative Release patch file you will see the following files:

  • Layer7_API_Gateway_v10.0.00.13030-CR05.L7P
    • This is the main Gateway L7P patch file that gets applied to your Gateway 10.0 to bring it to CR05. 
  • Manager-10.0.00.13030-CR05.tar.gz
    • This file is the corresponding MacOS Policy Manager installer to be used with Gateway 10.0 CR05
  • Layer7 API Gateway Policy Manager 10.0.00.13030-CR05 Installer.exe
    • This file is the corresponding Windows Policy Manager installer to be used with Gateway 10.0 CR05 
  • CA_SSO_SDK_Compact_v12.8.06.L7P
    • This file is the latest SSO SDK install if you are using CA Siteminder integration 

How do I apply the Gateway 10.0 CR05 file to my Gateway?

To apply the Gateway 10.0 CR05 cumulative release patch to your Appliance based Gateway please use these steps:  Patch Using The Menu

To apply the Gateway 10.0 CR05 cumulative release patch to your Software based Gateway install please use these steps: Patch The Software Gateway

Gateway 10.1 Cumulative Release (CR) Patching

What is a Cumulative Release Patch?

Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality and updated Java versions.

I am running Gateway 10.1 what patches are available?

Currently Gateway version 10.1 has Cumulative Release Patch CR04. To see the full list of Cumulative Release Patch related info please see the Release Notes for Gateway 10.1.

Can I apply CR04 for Gateway 10.1 to my 10.0 Gateway or Gateway 11?

No.  There are separate Cumulative release Patches for Gateway 10.0 and 10.1 and 11. 

Do I need to apply Gateway 10.1 CR01, CR02 or CR03  before applying CR04?

No, you do not need to apply Gateway 10.1 CR01, CR02 or CR03 before applying CR04. Patch CR04 includes all of the fixes, features and updates from CR01, CR02 and CR03.

Where can I get Cumulative Release Patch CR04 for Gateway 10.1?

The Gateway 10.1 CR04 can be downloaded from the Solutions and Patches Page and is called Layer7_API_Gateway_v10.1.00.16967-CR04.zip

After downloading this file please Unzip it to see the contents.

What are the files I see in the Gateway 10.1 CR04 zip file and what do I do with them?

  • Layer7_API_Gateway_v10.1.00.16967-CR04.L7P
    • This is the main Gateway L7P patch file that gets applied to your Gateway 10.1 to bring it to CR04
  • Manager-10.1.00.16967-CR04.tar.gz
    • This file is the corresponding MacOS Policy Manager installer to be used with Gateway 10.1 CR04
  • Layer7 API Gateway Policy Manager 10.1.00.16967-CR04 Installer.exe
    • This file is the corresponding Windows Policy Manager installer to be used with Gateway 10.1 CR04

Note:  If you are looking for the latest Siteminder SSO SDK it was released in Gateway 10.1 CR01 and is included in the CR01 zip file located here

Note: Broadcom provided an updated DFDL Assertion as an individual RPM (ssg-dfdl-transformation-10.1.00-1013.noarch.rpm). It is included in the Gateway 10.1 CR02 zip file, which you can access here: Layer7_API_Gateway_v10.1.00.14326-CR02.zip

How do I apply the Gateway 10.1 CR04 file to my Gateway?

To apply the Gateway 10.1 CR04 cumulative release patch to your Appliance based Gateway please use these steps: Patch Using The Menu

To apply the Gateway 10.1 CR04 cumulative release patch to your Software based Gateway install please use these steps: Patch A Software Gateway

Gateway 11.0 Cumulative Release (CR) Patching

What is a Cumulative Release Patch?

Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality and updated Java versions.

I am running Gateway 11.0 what patches are available?

The Gateway 11.0 CR02 can be downloaded from the Solutions and Patches Page and is called Layer7_API_Gateway_v11.0.00-CR02.zip  

After downloading this file please Unzip it to see the contents.

Where can I learn more about Gateway 11.0 CR02?

See the Release Announcement and the Related Gateway 11 Release Notes which have CR02 information and links

What are the files I see in the Gateway 11.0 CR02 zip file and what do I do with them?

NOTE: There are SEPARATE Patch files for the Gateway 11.0 Appliance and Software Form Factors described in more detail below:

NOTE: If you are running the Software Gateway 11.0 Form Factor you must first install the Patch Management Service on your OS with patch-management-1.0.0-20231124104524.noarch.rpm following the instructions in Patch A Software Gateway

  • Layer7_API_Gateway_Debian_v11.0.00-17019-CR02.L7P  <---- Apply to OVA Appliance Gateway Form Factor
    • This is the main Gateway 11.0 CR02 Patch file for the Debian APPLIANCE Gateway.  Apply this file using the instructions in Patch An Appliance Gateway.  This file is ONLY to be applied to your Gateway 11 Debian Appliance Form Factor.
  • Layer7_API_Gateway_v11.0.00.17019_CR02.L7P <---- Apply to Software Gateway Form Factor
    • This is the main Gateway 11.0 CR02 Patch file for the SOFTWARE Gateway running on CentOS or Redhat.  However you must first install the Patch Management Service on your Software Gateway using the RPM described in the next bullet. After establishing the Patch Management Service you can use Layer7_API_Gateway_v11.0.00.17019_CR02.L7P to upgrade your Software Gateway 11.0 to CR02
  • patch-management-1.0.0-20231124104524.noarch.rpm
    • This is the Patch Management Service install RPM for Gateway 11 SOFTWARE Form Factor deployments.  Install this first if you are planning on installing Gateway 11.0 CR02 on your Software Form Factor Gateway.  The instructions on installing the Patch Management Service are located here:  Patch A Software Gateway The Patch Management Service is already established on the base Gateway 11.0 Appliance.
  • Layer7 API Gateway Policy Manager 11.0.00.17019-CR02 Installer.exe
    • This file is the new Windows Policy Manager to be used with Gateway 11.0 CR02
  • Manager-11.0.00.17019-CR02.tar.gz
    • This file is the new Mac based Policy Manager to be used with the Gateway 11.0 CR02
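The version and form-factor rules above (separate CRs for 10.0, 10.1 and 11.0; separate 11.0 files for the Appliance and Software form factors) can be checked from the patch file name before anything is uploaded. The script below is an added example, not Broadcom code; the function names and the operator-supplied version and form-factor arguments are assumptions, and it relies only on the file names listed in this article.

```shell
#!/bin/sh
# Added example (not Broadcom code): refuse a CR .L7P that does not match
# the Gateway it is about to be applied to. Rules are the ones in this FAQ.

# patch_target FILE -> prints "<major.minor> <debian|generic> <CRnn>"
patch_target() {
    name=$(basename "$1")
    case "$name" in
        Layer7_API_Gateway_*.L7P) ;;
        *) return 1 ;;              # SSO SDK, platform updates, anything else
    esac
    # "_v10.1.00.16967-CR04" -> 10.1 ; the separator before CRnn varies (- or _)
    ver=$(printf '%s\n' "$name" | sed -n 's/.*_v\([0-9][0-9]*\.[0-9][0-9]*\)\..*/\1/p')
    cr=$(printf '%s\n' "$name" | sed -n 's/.*[-_]\(CR[0-9][0-9]*\)\.L7P$/\1/p')
    [ -n "$ver" ] && [ -n "$cr" ] || return 1
    case "$name" in
        *_Debian_*) os=debian ;;
        *)          os=generic ;;
    esac
    echo "$ver $os $cr"
}

# check_patch GATEWAY_VERSION FORM_FACTOR FILE
#   GATEWAY_VERSION: 10.0 | 10.1 | 11.0   FORM_FACTOR: appliance | software
#   (both supplied by the operator; hypothetical parameters)
check_patch() {
    gw=$1; ff=$2
    case "$ff" in
        appliance|software) ;;
        *) echo "REJECT: unknown form factor '$ff'"; return 2 ;;
    esac
    info=$(patch_target "$3") || { echo "REJECT: not a Gateway CR .L7P: $3"; return 2; }
    set -- $info; pver=$1; pos=$2; pcr=$3
    if [ "$pver" != "$gw" ]; then
        echo "REJECT: $pcr is for Gateway $pver, this Gateway is $gw"; return 1
    fi
    if [ "$gw" = "11.0" ]; then
        case "$ff:$pos" in
            appliance:debian) ;;
            software:generic) echo "NOTE: Patch Management Service RPM must be installed first" ;;
            *) echo "REJECT: this 11.0 file is for the other form factor"; return 1 ;;
        esac
    fi
    echo "OK: $pcr matches Gateway $pver ($ff)"
}

# Stand-alone use: sh check_patch.sh 11.0 appliance <file>.L7P
if [ "$#" -eq 3 ]; then check_patch "$@"; fi
```

A non-zero exit status means the file should not be uploaded to that Gateway; the check does not replace the snapshot taken before patching.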

Gateway 10 and 10.1 and 11.0 Monthly Platform Patching:

What is a Monthly Platform Patch?

A Monthly Platform Patch is provided to users running the Gateway Appliance or Container form factor which updates the underlying OS Platform and addresses known CVE Vulnerabilities. 

What is the difference between a Monthly Platform Patch and a Cumulative Release Patch (CR)?

Cumulative Release Patches update the Gateway software/product to introduce bug fixes, features, functionality and updated Java versions. Monthly Platform Patches update the underlying Appliance CentOS Platform to address CVE Vulnerabilities, OS Library updates and also MySQL version updates.

Are there separate Monthly Platform Patches for Gateway 10.0 and 10.1?

No.  Unlike the Cumulative Release (CR) patches for Gateway 10.0 and 10.1 there is only one Monthly Platform Patch released for both Gateway 10.0 and 10.1 appliances. Please be aware that as of March 31 2023 Gateway 10.0 is End-Of-Life and as such the last available 10.0 Monthly Patch is Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2023-03-23.zip

Are there separate Monthly Platform Patches for Gateway 11?

Yes.  Since Gateway 11 is based on the new Debian Appliance OS there is a new Monthly Platform patch released for Gateway 11 each month that is separate from the Gateway 10.x Monthly Platform Patches

Do I have to install previous Monthly Platform Patches in order to install the latest?

No. Like the Cumulative Release (CR) patches, the Monthly Platform Patch is also cumulative in nature and you do not need to install previous Monthly Platform Patches incrementally. This is true of all Gateway version Monthly Platform Patches.

Where can I find the Monthly Platform Patch for my Gateway 10.0 or Gateway 10.1 Appliance?

You can find the Monthly Platform Patch for the Appliance Gateway on the Solutions And Patches Page

Example:  Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2023-03-23.zip  <-- See the Date indicating that this is the March 2023 Monthly Platform Patch.

Where can I find the Monthly Platform Patch for Gateway 11?

You can find the Monthly Platform Patch for the Appliance Gateway on the Solutions And Patches Page

Example:  Layer7_API_PlatformUpdate_64bit_v11.X-Debian-2023-04-26.zip

Gateway 10.0 is End-Of-Life for Support.  Will a Monthly Platform Patch continue to be released for Gateway 10.0 after the End-Of-Life date?

No. Due to Gateway 10.0 going End-of-Life for Support there will no longer be Monthly Platform Patches released for it or any other Gateway version that has gone End-of-Life.

How do I apply a Monthly Platform Patch to my Gateway Appliance?

See the sections depending on which Gateway version you are running

10.x Understanding Gateway Patches  

11.0 Understanding Gateway Patches

I am running the Container Gateway.  Can I also get the Monthly Platform patches?

Yes you can pull Monthly Platform Patches according to the Docker Tags Page

I am running the AWS AMI Appliance or the MS Azure Appliance.  Can I also apply a Monthly Platform Patch to these form factors?

Yes you can apply the same Monthly L7P Platform patch that is applied to the VMware ESX Based appliance. 

When are Monthly Platform Patches Released?

Typically Monthly Platform Patches are released in the last week of every month.

Is there a special order, prerequisites or dependencies between the Cumulative Release (CR) Patch and Monthly Platform Patch?

No.  The Cumulative Release Patches and Monthly Platform Patches are not dependent on each other. They are totally separate.  For example you could apply Cumulative Release Patches and forgo installing Monthly Platform Patches and vice versa.  

 

Additional Information


Where can I read more about Gateway patches

Please see our formal documentation on the subject.  10.x Understanding Gateway Patches   11.0 Understanding Gateway Patches

Where can I see the changes, updates and fixes included in the Gateway Cumulative Release Patches?

You can see a full summary of Cumulative Release Patch information and changes from the Release Notes section for each version of the Gateway.  Note the summary of each Cumulative Release Patch 

Gateway 10.0 Release Notes

Gateway 10.1 Release Notes

Gateway 11.0 Release Notes

How do I update my Policy Manager version along with my Gateway Appliance?

Gateway Cumulative Release Patch zip files will always contain a new version of the Gateway Policy Manager installer for MacOS and Windows.  After patching the Gateway with the main L7P file please be sure to also update your workstation with the new Policy Manager that is included in the zip file

What is an L7P file?

An .L7P file is the patch file format that is applied directly to your Gateway appliance.

If you need assistance working with L7P files please see this supplemental material

Working with .L7P Files

Do I have to reboot my Gateway after applying L7P patches?

Yes it is very important to reboot your Gateway after applying an L7P patch file. If you are applying a sequence of L7P patches then you will be required to reboot after EACH patch before you apply the next one

I am getting an error about Disk Space when I try to apply a patch.  What can I do?

Please make sure you check your Gateway file sizes before applying any patches. If you get an error such as Error uploading patch file: No space left on device please see this article for more information and assistance.

Where can I see what patches have already been applied to my Gateway Appliance?

If you would like to see a list of patches that have been applied to your Gateway Appliance you can Select Option 8 from the Gateway Appliance Menu and then Choose Option 4 to List Patches

Can Patches be uninstalled or rolled back?

Patches cannot be uninstalled after they are applied so please ensure that you take a VMware Snapshot of your Gateway Appliance before any patching activity to provide a back-out plan.

If patches cannot be uninstalled then why is there an option to "Delete a Patch from the Gateway"?

This option allows you to clear staged patch files from the staging directories on the Gateway to reclaim space. This option does NOT uninstall a patch from the Gateway. For more on this see the corresponding section in the main documentation.

What is the difference between Uploading a Patch and Installing a Patch?

The application of an L7P Patch file is a two-step process after the patch has been copied to your Gateway. The upload process is the first step, where the patch is first processed by the patching mechanism, and the second step is the actual installation of the patch to the Gateway. You will see both the Upload and Install options in the Gateway Patching menu. There is also a similar Upload and Install procedure for patching with the Command Line.

Where can I see patch related logs?

Log files for the patching process are located here:

/opt/SecureSpan/Controller/var/logs/patches.log
/opt/SecureSpan/Controller/var/logs/patch_cli*.log