Occasionally, VMware might authorize the update of one or more OS packages to rectify a critical vulnerability that affects a specific version of Unified Access Gateway and for which no viable workaround is available.
You can configure the Unified Access Gateway to automatically fetch and apply any available authorized Photon OS package to the Unified Access Gateway version which has been deployed in your environment. These updates are then fetched and applied automatically when the appliance is next booted.
In earlier versions, such critical updates were performed manually using the tdnf command based on the guidance provided by VMware Global Support Services.
Procedure
- Log in to the Admin UI and in the Configure Manually section, click Select.
- Go to and click the gear box icon.
- In the Appliance Updates Settings window, enter the following information:
Configuration Setting Action Apply Updates Scheme Select the frequency at which the Photon OS and Unified Access Gateway updates can be fetched and applied to Unified Access Gateway.
By default, the updates scheme is
Don’t apply updates
.Important: If you select theApply updates on next boot
scheme, then after the updates are applied at the next immediate reboot of Unified Access Gateway, the scheme is automatically set back to the default value.OS Updates URL Enter the location of the repository from which the Photon OS packages are fetched and applied to the Unified Access Gateway appliance. By default, the value of this text box is https://packages.vmware.com/photon. You can either use the default value or provide a URL to your custom repository by mirroring the default VMware repository. The files in a mirrored repository must not be changed.
The value of this text box must be an absolute URL, which can either be an IP address or hostname prefixed with https.
Note: If you provide your custom URL for OS updates, the settings get applied after a maximum of one minute.Appliance Updates URL Enter the location of the repository from which the Unified Access Gateway authorized OS packages list is fetched and applied to the Unified Access Gateway appliance. By default, the value of this text box is https://packages.vmware.com/uag. You can either use the default value or provide a URL to your custom repository by mirroring the default VMware repository. These files in a mirrored repository must not be changed.
The value of this text box must be an absolute URL, which can either be an IP address or hostname prefixed with https.
Note: If you provide your custom URL for appliance updates, the settings get applied after a maximum of one minute.Trusted Certificates - To select a certificate in PEM format and add to the trust store, click + .
- To provide a different name, edit the alias text box.
By default, the alias name is the filename of the PEM certificate.
- To remove a certificate from the trust store, click -.
Note: Trusted certificate filename must not contain spaces. - Click Save.
Results
After the updates are applied, the Unified Access Gateway appliance gets rebooted and a package-updates.log file is generated. This log file is available in the UAG-log-archive.zip. You can use the package-updates.log file for checking the status of the update and troubleshooting purpose.
For information about accessing UAG-log-archive.zip from the Admin UI, see Collecting Logs from the Unified Access Gateway Appliance.