Appliance firmware (v7.0.0) provided by IBM updates QRadar® M4 appliances with the latest UEFI, IMM2, RAID controllers, and HDD software that has been validated by the QRadar team. This firmware update is intended for IMM remote updates of M4 1U form factor hardware on QRadar appliances.
Part 1: About the M4 1U Firmware v7.0.0 ISO Update
To install a firmware update on an M4 1U appliance, administrators must have IMM configured. The firmware update can take up to 60 minutes complete per appliance and the administrator are required to reboot the appliance after the firmware install completes. The firmware upgrade procedures should only be done during a change window or during maintenance time for your QRadar appliances. If you do not have IMM configured on your M4 appliance, you can use the bootable USB drive instructions. For more information, see our FAQ page at https://ibm.biz/qradarfirmware.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M4 (1U form factor) appliances:
|Appliance||QRadar 21xx (4380-Q1C) |
QRadar Event Collector 1501 G2 (4380-Q2C)
QRadar QFlow Collector 1201 G2 (4380-Q2C)
QRadar QFlow Collector 1202 G2 (4380-Q3C)
QRadar QFlow Collector 1301 G2 (4380-Q4C)
QRadar QFlow Collector 1310 G2 (4380-Q5C)
QRadar QFlow Collector 1310 SR-C G2 (4380-Q5C)
QRadar QFlow Collector 1310 LR-C G2 (4380-Q6C)
|Server Type||x3550 M4||1U|
|Server Machine Type||7914||1U|
|Machine type models (MTM)||4380-Q1C |
Important information and prerequisites in this firmware update
Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table, the administrator must contact IBM QRadar Support to discuss a custom upgrade path for your M4 appliance.
|Component||Prerequisite version||Firmware version||Name|
|IMM2||4.31 or later||1aoo90b-7.40||ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz|
|Server RAID Controller H1110||None||1.20.02||ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64.bin|
|Server RAID Controller M1115||None||20.13.1-0254||ibm_fw_sraidmr_1000-20.13.1-0254_linux_32-64.bin|
- After the IMM firmware is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur.
- If your appliances are in a HA pair, you must prepare your high-availability appliances using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
- The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages appear when the tool runs, but have a status of "undetected" and not selected to be updated.
- IMM2 v6.00 and later requires Java version 8. If administrators do not have Java version 8 installed on their workstation, the console window does not open. Before you are able to take remote control of an appliance, a Java check is completed and instructions are provided to the administrator if Java 8 is not available. An alternative for administrators is to use ActiveX and the Internet Explorer browser.
Security issues resolved in this firmware update
The table lists the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.
|Component||File name||CVEs resolved in this package|
|IMM2||ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz||CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 |
|Server RAID Controller H1110||ibm_fw_mpt2sas_h1110-1.20.02_linux_32-64.bin||None|
|Server RAID Controller M1115||ibm_fw_sraidmr_1000-20.13.1-0254_linux_32-64.bin||None|
|Other Security Fixes||None||Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure: CVE-2018-15473, CVE-2018-15919 |
Downloading and extracting the firmware update
- Download the QRadar M4 1U appliance firmware update v7.0.0 from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3-QRADAR-FIRMWARE-M4_1U_ISO-QRadar-QNI-PCAP-QIF-7.0.0&includeSupersedes=0&source=fc
- Copy the M4 appliance firmware EXE to a directory on the Windows host.
- Double-click on the file: Qradar_IMG_M4_2U_MT5466_x3650_7_0_0.exe.
- Select or type a directory path for the M4 firmware update and click Extract.
- The following files are extracted.
Updating the IMM firmware
- Log in to the IMM interface on your QRadar M4 appliance.
- Select Server Management > Server Firmware from the menu.
- Click Update Firmware.
- Click Select File and choose the IMM2 firmware update ibm_fw_imm2_1aoo90b-7.40_anyos_noarch.uxz.
- Click Next to upload and verify the IMM2 firmware file.
- In the Additional Options, select Action1: Update the primary bank ONLY and click Next.
Important: To prevent installation issues, confirm that you select the primary firmware bank during this step. The backup firmware bank is automatically updated and should not be selected. Administrators who select both check boxes must reinstall their firmware to ensure the primary bank updates properly.
- Wait for the update of the primary firmware bank to complete.
- Click Restart IMM and clear your browser cache.
- After the IMM firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur.
Log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.
Mounting the M4 Firmware ISO
- Click on Remote Control.
- To start the Remote Control session, click on use Active X for Internet Explorer or Java for all other Browsers.
- Click on Start Remote Control in Single User Mode.
NOTE: Administrators should always use single user mode for remote connections for updates.
- Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session for firmware updates.
- From the menu, select Virtual Media > Activate.
- From the menu, select Virtual Media > Select Devices to Mount.
- From the Devices window click on Add Image.
- Navigate to the ISO image and click Open.
- Select the CD/DVD QRadar_All_M4 is highlighted and verify that the Mapped check box is selected.
- Click Mount Selected.
- Reboot the appliance to start the software installation process.
- As the appliance is rebooting, press the F12 key to select a boot device.
- In the Boot Devices Manager menu, use the arrow keys to navigate.
- Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.
- The boot screen for the appliance is displayed.
- The IBM ToolsCenter Welcome page is displayed.
- When prompted, select Updates.
- Verify that the bootable media shows the correct machine type for the appliance.
Hardware Details Server Type x3550 M4 BD Server Machine Type 7914
- To start the update, select Click here to start update.
NOTE: Verify that the Updates list contains x3550 M4 BD -- machine type 7914 in the updates list.
- Select your language and click I accept the terms in the license agreement to continue.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- **IMPORTANT**. Verify that all Suggested or Critical check boxes are selected. Administrators can use the first check box to select all options and the installer skips any updates that are Not Required.
- To start applying the updates, click Next on the Update Options page.
The bootable media creator starts to install firmware on the M4 appliance.
- Verify that all the firmware updates are applied, and click Next to complete the update.
- After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
- Select a drive and click OK.
- When all updates are complete, click Finish to reboot the appliance.
After the IMM firmware update is installed, the appliance must be restarted. Lenovo recommends that administrators restart appliances, instead of powering down the hardware to avoid a potential high voltage motherboard condition that can occur. If you experience any installation issues or error messages, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the cause of the error or if replacement hardware is required. If the issue is hardware related, the support representative can change the case type and involve the proper teams to schedule replacement parts.
Emulex Update Error Messages
This update can generate an Emulex installation error message that can be ignored as not all QRadar M5 or M4 appliances ship with an Emulex card. The firmware update contains software to attempt to update the Emulex drivers; however, not all appliances contain an Emulex device and an installation error can be displayed. If the administrator sees the error Emulex "Install did not succeed", verify if the device is part of the appliance configuration.
29 June 2020