https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258300#M50651 <P>Dear Community,</P><P>We have a centrally-managed (S1C) SG9100-Cluster Upgrade from R81.20 JHFT105&nbsp;&gt; R82JHFT39 ahead. No private hotfixes installed.<BR />So far R82 is now recommended release and we wanna implement HTTPSi soon, that's why we wanna change first to R82 for less CPU impact. Our S1C tenant is R82 since nearly 10 months.<BR />Until now we did the JHFT-Updates within R81.20 via CPUSE (Gaia GUI).<BR />But I read it's recommended to do that via SmartConsole now, as S1C will do all the automatics by itself (Multiversion Cluster while updating, etc.)<BR />So far I would upgrade with the Blink Image R82 Take 777 including Recommended Jumbo Take 39 which CPUSE also recommends, but over the S1C repository.<BR />Snapshots and backups are made, and also downloaded close to the SG's onsite for any case, console cables are connected and ready to both appliances</P><P>My questions now:</P><UL><LI>Anything against taking the Blink Image R82 T777 with JHFT39?</LI><LI>Would you do the "all cluster member" version upgrade option, or the "install on non-active member only", with turning non-active to active option selected, let it run, test first the R82-upgraded active member, and then proceed with the second one the same way? I ask that because I don't have experiences with the R82 at all, and also not with release upgrades.</LI><LI>Anything to check/prepare upon Wildcard certificates we have active for Mobile access VPN or regular S2S VPN Tunnels?</LI><LI>Anything else somebody experienced?</LI></UL><P>Thank you in advance</P> Fri, 26 Sep 2025 10:49:37 GMT freshwater84 2025-09-26T10:49:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258300#M50651 <P>Dear Community,</P><P>We have a centrally-managed (S1C) SG9100-Cluster Upgrade from R81.20 JHFT105&nbsp;&gt; R82JHFT39 ahead. No private hotfixes installed.<BR />So far R82 is now recommended release and we wanna implement HTTPSi soon, that's why we wanna change first to R82 for less CPU impact. Our S1C tenant is R82 since nearly 10 months.<BR />Until now we did the JHFT-Updates within R81.20 via CPUSE (Gaia GUI).<BR />But I read it's recommended to do that via SmartConsole now, as S1C will do all the automatics by itself (Multiversion Cluster while updating, etc.)<BR />So far I would upgrade with the Blink Image R82 Take 777 including Recommended Jumbo Take 39 which CPUSE also recommends, but over the S1C repository.<BR />Snapshots and backups are made, and also downloaded close to the SG's onsite for any case, console cables are connected and ready to both appliances</P><P>My questions now:</P><UL><LI>Anything against taking the Blink Image R82 T777 with JHFT39?</LI><LI>Would you do the "all cluster member" version upgrade option, or the "install on non-active member only", with turning non-active to active option selected, let it run, test first the R82-upgraded active member, and then proceed with the second one the same way? I ask that because I don't have experiences with the R82 at all, and also not with release upgrades.</LI><LI>Anything to check/prepare upon Wildcard certificates we have active for Mobile access VPN or regular S2S VPN Tunnels?</LI><LI>Anything else somebody experienced?</LI></UL><P>Thank you in advance</P> Fri, 26 Sep 2025 10:49:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258300#M50651 freshwater84 2025-09-26T10:49:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258429#M50683 <P>You are going to perform an in-place upgrade of your cluster, and your MGMT is already on R82.<BR /><BR />Did you read the <A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Installation_and_Upgrade_Guide/CP_R82_Installation_and_Upgrade_Guide.pdf" target="_self">R82 Installation and Upgrade guid</A>e? If you did not, go there and look up MVP cluster upgrade procedure. You literally just need to do it by the book.&nbsp;<BR /><BR />Concerning the version, I would go for the latest recommended release, including Jumbo.&nbsp;</P> Mon, 29 Sep 2025 08:09:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258429#M50683 _Val_ 2025-09-29T08:09:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258430#M50684 <P>Hi Val,</P><P>Thanks, we already did the upgrade.<BR />Recommended was to do it via S1C SmartConsole, according to the Upgrade guide (R81 - unfortunately centrally managed upgrade process part on the R82 online guide is down since a few days). But he brought an error with a blocking reason in S1C. Could (even with support) not debug the error any further.<BR />We contacted support, and he said, he would do it via CPUSE. So we did that. Then of course we had the problems with MVP, where he guided us through.<BR />Also he said, he hate blink images - he would always upgrade first to R82 T777 and do the Jumbo's later, so we did in our case.<BR />Everything was fine so far, and we are running on R82 JHFT39</P> Mon, 29 Sep 2025 08:30:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/S1C-managed-SG9100-Cluster-Upgrade-R81-20-JHFT105-gt-R82JHFT39/m-p/258430#M50684 freshwater84 2025-09-29T08:30:09Z