Release Notes
Abstract
This firmware update (V4.0.0) provided by IBM updates QRadar® M7 appliances with updates for UEFI, XCC, RAID controllers, and HDD software fixes and enhancements. This firmware can be used on all QRadar M7 appliances, but requires that the administrator configures their XClarity Controller (XCC) for remote management.
Content
Important: Select a tab to read each step of the firmware procedure.
The M7 firmware v4.0.0 ISO is intended to remotely update software through the XClarity Controller (XCC) user interface. Administrators must extract the EXE file and apply the uxz file to update their XClarity Controller, then the ISO can be mounted to apply the remainder of the firmware updates. The installation instructions are provided on tab named 'Part 2. Installing Firmware Updates'. These instructions guide customers through a remote upgrade of their firmware. If you are local to your appliances or have issues with your XClarity configuration.
Limitation: Due to changes in the bundled software, a USB firmware update method is not available on IBM Fix Central at this time. Administrators must use the XCC method to update their M7 firmware.
Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
This firmware update applies to the following IBM Security QRadar M7 (1U and 2U form factor) appliance types:
Table 1: List of appliances the M7 appliance firmware V4.0.0 can update.
Part 1: About the M7 firmware V4.0.0 update
The M7 firmware v4.0.0 ISO is intended to remotely update software through the XClarity Controller (XCC) user interface. Administrators must extract the EXE file and apply the uxz file to update their XClarity Controller, then the ISO can be mounted to apply the remainder of the firmware updates. The installation instructions are provided on tab named 'Part 2. Installing Firmware Updates'. These instructions guide customers through a remote upgrade of their firmware. If you are local to your appliances or have issues with your XClarity configuration.
Limitation: Due to changes in the bundled software, a USB firmware update method is not available on IBM Fix Central at this time. Administrators must use the XCC method to update their M7 firmware.
Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M7 (1U and 2U form factor) appliance types:
Hardware | Details |
Appliance and machine type model (MTM) |
1U
IBM QRadar Network Insights Appliance 1901 (MTM 4723-N9C) IBM QRadar XX05 1U (MTM 4723-Q7B)
IBM QRadar Event/QFlow Collector Appliance 1501/1201 1U (MTM 4723-Q9C)
IBM QRadar XX48 1U (MTM 4793-Q8D)
2U
IBM QRadar Network Insights 1920 2U (MTM 4723-N2A) IBM QRadar Network Insights 1940 2U (MTM 4723-N4B)
IBM QRadar XX29 M7 appliance 2U (4723-Q9A) IBM QRadar Incident Forensics Appliance 2U (MTM 4723-F1A)
For capabilities on these appliances, see QRadar M7 appliance overview. |
Server Type | M7 |
Server Machine Type | SR630 V2 (7Z71)/ M7 1U SR650 V2 (7Z73) / M7 2U |
Important information and prerequisites in this firmware update
Administrators must ensure that their M7 appliance includes the minimum version outlined in the Prerequisite version column. If your M7 appliance does not meet the prerequisite versions outlined in the table, the administrator must contact IBM QRadar Support to discuss a custom upgrade path for your M7 appliance.
Table 2: Firmware versions and any prerequisite for each component are provided in this table.
Component | Prerequisites | Firmware version in this update | File name |
UEFI/BIOS | None | afe126i-3.10 | lnvgy_fw_uefi_afe126i-3.10_anyos_32-64.uxz |
XCC | None | afot44k-4.30 | oem_fw_xcc_afot44k-4.30_anyos_noarch.uxz |
LXPM | None | xwl220b-3.23 xwl120d-3.23 |
lnvgy_fw_drvln_xwl220b-3.23_anyos_noarch.uxz lnvgy_fw_lxpm_xwl120d-3.23_anyos_noarch.uxz |
RAID controller
|
None | 940-52.22.0-4774-4 (940-8e) 940-52.22.0-4774-4 (940-16i) 540-52.22.0-4775-2 (540-8i) |
lnvgy_fw_raid_mr3.5.940-52.22.0-4774-4_linux_x86-64.bin lnvgy_fw_raid_mr3.5.940-52.22.0-4774-4_linux_x86-64.bin lnvgy_fw_raid_mr3.5.540-52.22.0-4775-2_linux_x86-64.bin |
NIC
|
None | 4.22-1.3357.0-4 9.2-6.2-1.3357.0-2 |
intclnvgy_fw_nic_net.e800.da2.pcie4.22-1.3357.0-4_linux_x86- 64.bin intc-lnvgy_fw_nic_net-9.2-6.2-1.3357.0-2_linux_x86-64.bin |
Emulex | None | 5.70-1.3218.0-4 | elx-lnvgy_fw_fc_lp.35-14.0.376.28-4_linux_x86-64.bin |
NOTES
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
- The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack might be displayed with a status of "undetected" when the tool compares available firmware to the hardware in the appliance.
- For general firmware questions and information, see our FAQ page at http://ibm.biz/qradarfirmware.
Security issues resolved in this firmware update
The table lists the software versions and CVEs addressed in the firmware release.
Component | File name | Updates |
UEFI/BIOS | lnvgy_fw_uefi_afe126i-3.10_anyos_32-64.uxz |
Resolved CVEs
CVE-2023-23583 Security
Enhancements
Fixes
Limitations
|
XCC | oem_fw_xcc_afot44k-4.30_anyos_noarch.uxz |
Resolved CVEs
CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2016-6153, CVE-2017-3735, CVE- 2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2017-5130, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE- 2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE- 2017-10989, CVE-2017-12799, CVE-2017-12967, CVE-2017-13710, CVE-2017-14129, CVE-2017-14130, CVE-2017-14333, CVE-2017-14529, CVE-2017-14930, CVE-2017-14932, CVE-2017-14933, CVE-2017-14934, CVE-2017-14938, CVE-2017-14939, CVE-2017-14940, CVE-2017-14974, CVE-2017-15020, CVE-2017-15021, CVE-2017-15022, CVE-2017-15023, CVE-2017-15024, CVE-2017-15025, CVE-2017-15225, CVE-2017-15938, CVE-2017-15939, CVE-2017-15996, CVE-2017-16544, CVE-2017-16931, CVE-2017-16932, CVE-2017-17484, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-1000494, CVE-2018-6872, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122 |
LXPM | llnvgy_fw_lxpm_xwl118e-3.21_anyos_noarch.uxz | None |
RAID controller | lnvgy_fw_raid_mr3.5.940-52.22.0-4774-4_linux_x86-64.bin lnvgy_fw_raid_mr3.5.940-52.22.0-4774-4_linux_x86-64.bin lnvgy_fw_raid_mr3.5.540-52.22.0-4775-2_linux_x86-64.bin |
None |
NIC | intclnvgy_fw_nic_net.e800.da2.pcie4.22-1.3357.0-4_linux_x86- 64.bin intc-lnvgy_fw_nic_net-9.2-6.2-1.3357.0-2_linux_x86-64.bin |
None |
Emulex | elx-lnvgy_fw_fc_lp.35-14.0.376.28-4_linux_x86-64.bin | None |
Table 3: Security issues resolved in the M7 firmware update 4.0.0.
A. Before you begin
- This installation method uses the hardware's integrated XCC interface to remotely update firmware.
- If your appliances are in a HA pair, you must prepare your high-availability appliances by using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
B. Downloading and extracting the firmware update
- Download the QRadar M7 appliance firmware from IBM Fix Central: M7 firmware 4.0.0 EXE download.
- Copy the M7 appliance firmware EXE to a directory on the Windows host.
- Double-click the file Qradar_EXE_M7_1U_SR630V2_7Z71_2U_SR650V2_7Z73_4_0_0.exe.
- Select or type a directory path for the firmware update and click Extract.
- The following files are extracted:
C. Updating the XCC firmware
- Log in to the XClarity interface on your QRadar M7 appliance.
- From the navigation sidebar, click Firmware Update.
- Click Update Firmware.
- Click Browse and choose the XClarity (XCC) firmware update oem_fw_xcc_afot44k-4.30_anyos_noarch.uxz.
- Click Next to upload and verify the XCC firmware file.
- Select the BMC (Primary) check box and click Next.
Important: The backup firmware bank is automatically updated. Administrators must ensure the BMC (Backup) check box is cleared (not selected). Administrators who select both check boxes must reinstall their firmware to ensure the primary bank updates properly. - Wait for the update the primary firmware banks to complete.
- Click Restart BMC and clear your browser cache.
Results
Wait for 5 minutes for the XCC interface to restart and log in. Continue to the next section to mount the firmware ISO and configure the boot options.
D. Mounting the M7 Firmware ISO
- From the OEM Controller menu, click Remote Console.
- Click Remote Console Preview.
IMPORTANT: Confirm the following parameters:
2a. Launch the session in Single User Mode.
2b. Clear the Allow others to request my remote session disconnect check box.
2c. Click Launch Remote Console to connect to the appliance. - To open the file mount options, click Diagnostic > Media.
IMPORTANT: Confirm the following parameters:
3a. Verify that the First Boot Device is set to CD/DVD Rom.
3b. Verify that the Boot Mode drop-down is set as Legacy Mode. - Click Mount Local Media, and click Activate.
- Click Browse and select Qradar_ISO_M7_1U_SR630V2_7Z71_2U_SR650V2_7Z73_4_0_0.iso.
- Click Mount all local media.
Note: If successful, a checkmark appears next to the uploaded ISO file. - From the OEM Controller menu, click OS Installation.
- Select Power > Boot Server to System Startup.
- Wait for the setup menu to display.
- From the navigation menu, click UEFI Setup.
- Click Start Options, then CD/DVD Rom.
- In the Update Settings menu, verify that all check boxes are clear (not selected) and click Next.
- From the Update Comparison menu, click Begin.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- Review the list of updates.
Important: In the next step, administrators must confirm that all recommended updates are CHECKED, except for Lenovo/XClarify Controller XCC as this firmware was updated manually by the administrator in previous steps. - Verify the check box for Lenovo/XClarity Controller (XCC) is clear (not selected) and click Next.
- Wait for the firmware updates to load.
- Click Begin Update to install the firmware.
NOTE: Administrators might be prompted with a confirmation dialogue and need to click Yes to continue. - Verify that all updates complete successfully and click Next.
- Click Finish to exit.
- The appliance must reboot to complete the firmware installation.
- Log in to the XClarity interface and connect to the appliance with the Remote Console.
- Click Diagnostic > Media and click Unmount.
Results
After the ISO file is unmounted, the administrator can log out and complete this procedure on other QRadar appliances. If you experience any installation issues, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the root cause of the issue or if replacement hardware is required. If the issue is hardware-related, the support representative can change the case type and involve the proper teams to schedule replacement parts.
Troubleshooting
- A green screen is not indicative of failure by itself, press CTRL on your keyboard to wake up the screen saver. If CTRL does not wake up the screensaver, you might need to press ENTER key. After ENTER key is pressed, if the Green background screen remains, check the power state of the XCC by going to the OEM Controller home page to view the power status in the upper left screen.
Note: If you can't reconnect to the IMM, or XCC, you need to send someone to the site to check on the machine status. In some rare circumstances, IMM can disconnect and the server maybe waiting for someone to press ENTER key locally.
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtcAAA","label":"Hardware"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
02 May 2024
UID
ibm17112083