This firmware update (2.1.0 ISO) provided by IBM updates the RAID 5210 controller to a more stable version for IBM® Security QRadar® M5 appliances with easier to follow installations procedures. This update can be used on all QRadar M5s for both 1U or 2U form factor appliances.
Part 1: About the M5 Firmware v2.1.0 ISO Update
To install a firmware update on an M5 appliance, administrators must have IMM configured. This M5 firmware update v2.1.0 is a republish of the previous firmware update with new instructions for remotely updating firmware on appliances by updating IMM, then mounting an ISO file to complete the update. The installation instructions in tab Part 2 have been updated to guide customers through a remote upgrade of their firmware. Tab one of this technical note outlines firmware versions and general information about the M5 appliance firmware upgrade. The main change in this update is to address a reported issue in the M5210 Raid controller firmware. This update modifies the version of the RAID Controller to roll back to a more stable version. Administrators with M5 appliances should schedule a change window for their deployment to update these appliances. For M3 or M4 firmware, see our FAQ page at http://ibm.biz/qradarfirmware.
Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or Machine type models:
|Appliance Name||Server Type||Lenovo Server Machine Type||IBM Machine Type-Model|
|IBM Security QRadar xx05 G3||x3550 M5||MT 8869||4412-Q1E|
|IBM Security QRadar Event Collector 1501 G3||x3550 M5||MT 8869||4412-Q4D|
|IBM Security QRadar Network Insights 1901||x3550 M5||MT 8869||4412-F4Y|
|IBM Security QRadar xx29||x3650 M5||MT 8871||4412-Q2A|
|IBM Security QRadar xx48||x3650 M5||MT 8871||4412-Q3B|
|IBM Security QRadar Incident Forensics||x3650 M5||MT 8871||4412-F1A|
|IBM Security QRadar Network Insights 1920||x3650 M5||MT 8871||4412-F3F|
|IBM Security QRadar Network Packet Capture||x3650 M5||MT 8871||4412-F2C|
Important file changes and prerequisites in this firmware update
The core change in this release (2.1.0) is to update the 5210 RAID Controller to a stable version as administrators reported issues with an existing RAID firmware module. Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisites column, if any are required by this update.
|Component||Prerequisites||Firmware versions installed by v2.1.0||File name|
|UEFI/BIOS (1U 8869)||None||tbeg28j-2.32||oem_fw_uefi_tbeg28j-2.32_anyos_32-64|
|UEFI/BIOS (2U 8871)||None||tceg28j-2.32||oem_fw_uefi_tceg28j-2.32_anyos_32-64|
|RAID Controller M1215||None||1200-24.12.0-0038||lnvgy_fw_sraidmr_1200-24.12.0-0038_linux_32-64|
|RAID Controller M5210||None||5200-24.12.0-0024||lnvgy_fw_sraidmr_5200-24.12.0-0024_linux_32-64|
CVEs and change list information for firmware 2.1.0 updates
Change files (.chg) can be opened by any text editor. These files contain the full release notes provided by Lenovo to IBM for both CVEs and resolved issues that administrators might want to review.
|Component||File name||CVEs resolved in this package|
|IMM2||oem_fw_imm2_tcoe26h-3.70_anyos_noarch||CVE-2016-3706, CVE-2016-1234, CVE-2016-2177, CVE-2016-2178, CVE-2016-6313, CVE-2016-6302, CVE-2015-2179, CVE-2016-2181, CVE-2016-6306, CVE-2015-8605|
|UEFI/BIOS (1U 8869)||oem_fw_uefi_tbeg28j-2.32_anyos_32-64||None|
|UEFI/BIOS (2U 8871)||oem_fw_uefi_tceg28j-2.32_anyos_32-64||None|
|RAID Controller M1215||lnvgy_fw_sraidmr_1200-24.12.0-0038_linux_32-64||None|
|RAID Controller M5210||lnvgy_fw_sraidmr_5200-24.12.0-0024_linux_32-64||None|
|Other Security Fixes||None||Security vulnerabilities resolved in open source packages where there is no IMM exposure:|
CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908, CVE-2016-3115, CVE-2016-3075, CVE-2016-4429, CVE-2016-2774, CVE-2016-6153, CVE-2016-6304, CVE-2015-8872, CVE-2016-6263, CVE-2016-4804, CVE-2016-6318, CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262, CVE-2016-2180, CVE-2016-2182, CVE-2016-2183
Detailed Change for M5 Firmware Version 2.1.0
A change log summary is attached for the software installed by this firmware update. Administrators can use any text editor to review the attached change list. The EXE file also includes a change list (.chg file) for each individual firmware package. Administrators can navigate to the /workingdir folder after extracting the EXE to view individual firmware updates.
Where do you find more information?
Before you begin
- This installation method uses the hardware's integrated management module (IMM) to remotely update files.
- Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
- If your appliances are in a HA pair, you must prepare your high-availability appliances using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
- A number of hard disk drive updates can be installed by this firmware. The HDD update tool examines the hard disk drive types that are present and selects the most current firmware level that is available based on the drive type automatically.
- The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages are displayed during the update with a status of "undetected" and not selected to be updated. The administrator can disregard any packages labeled as undetected
- If the Emulex card firmware does not install as intended or you experience an issue, you can continue the firmware installation and any Emulex issues will be addressed in the next firmware update. If you do not have an Emulex card with your appliance, the installation instructions include a screen capture of the error message that is generated during the firmware install.
Downloading and extracting the firmware update
- Download the QRadar M5 appliance firmware update from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.3.0-QRADAR-FIRMWARE-M5-QRadar-QNI-PCAP-QIF-2.1.0&includeSupersedes=0&source=fc
- Copy the M5 appliance firmware EXE to a directory on the Windows host.
- Double-click on the file:Qradar_All_M5_ISO_MT8869_x3550_MT8871_x3650_2_1_0.exe.
- Select or type a directory path for the M5 firmware update and click Extract.
- The following files are extracted to the Windows host.
Updating the IMM firmware
- Log in to the IMM interface on your QRadar M5 appliance.
- Select Server Management > Server Firmware from the menu.
- Click Update Firmware
- Click Select File and choose the IMM2 firmware update oem_fw_imm2_tcoe26o-3.75_anyos_noarch.uxz downloaded for your M5 appliance.
- Click Next to upload and verify the IMM2 firmware file.
- In the Additional Options, select to update the primary and secondary firmware banks.
- Wait for the update the primary and secondary firmware banks to complete.
- Click Restart IMM and clear your browser cache.
After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.
Mounting the M5 Firmware ISO
- Click on Remote Control.
- To start the Remote Control session click on use Active X for Internet Explorer or Java for all other Browsers.
- Click on Start Remote Control in Single User Mode.
NOTE: Administrators should always use single user mode for remote connections for updates.
- Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session for firmware updates.
- From the menu, select Virtual Media > Activate.
- From the menu, select Virtual Media > Select Devices to Mount.
- From the Devices window click on Add Image.
- Locate the ISO image you wish to use. Click Open.
- Select the CD/DVD QRadar_All_M5 is highlighted and verify that the Mapped check box is selected.
- Click Mount Selected.
- Power Up or Reboot the system to start the software installation process.
- As the appliance is rebooting, press the F12 key to select a boot device.
- At the Boot Devices Manager window use the arrow keys to navigate.
- Administrators must cleart the Legacy Mode check box, then select the CD/DVDM option and press ENTER.
- The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.
- When prompted, select the Updates option.
- Verify that the Updates list shows the correct machine type for the appliance.
Hardware Details Server Type x3550 M5
Server Machine Type MT 8869
NOTE: For example, System x3650 M5 -- machine type 8871.
- To start the update link, select Click here to start update.
- Select your language and click I accept the terms in the license agreement to continue.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- From the list of selected firmware items, verify that the selected items match the firmware items to update.
- If your appliance has a secondary firmware bank, select the Target the secondary firmware bank check box and Click Next. If you do not have an alternate firmware bank, this option is ignored.
- To start applying the updates, click Next on the Update Options page.
- Verify that all the firmware updates are applied, and click Next to complete the update.
- After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
- Select the USB flash drive and click OK.
- When all updates are complete, click Finish to reboot the appliance.
- The appliance reboots and starts up normally.
The bootable media creator starts to install firmware on the M5 appliance.
(Click to enlarge image)
(Click to enlarge image)
Emulex Update Error Messages
This update might issue an Emulex installation warning to administrators that can be ignored. Not all QRadar M5 pr M4 appliances ship with an Emulex card. The firmware update contains software to attempt to update the Emulex drivers; however, if the appliance does not include an Emulex, an installation error will be displayed, "Install did not succeed" as shown below.
Where do you find more information?
10 May 2019