https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-automatic-firmware-updates/m-p/40063#M1640 <HTML><HEAD></HEAD><BODY><P>At the first glance, it is a welcome feature to let the SMB update itself to the most recent firmware. Of course, there is always a chance of side effects <span class="lia-unicode-emoji" title=":winking_face:">😉</span> Usually, the update and reboot can occur at a scheduled off hour, so the impact is very low as the reboot takes about 3mins.</P><P></P><P>In a HA config with clustered SMBs we could expect the update to be handled differently on actve and standby node. But f<SPAN style="font-size: 11.0pt;">irmware is not synchronized, each member has to upgrade individually. &nbsp;It is not possible to set a different time for the search for firmware updates on the nodes, so both will always have the same time for update and make that three minute gap inevitable. A possible workaround is to set the date on each member with ~5m difference.</SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">This a a CP statement from Mai 2015 - i just wonder if it is still working the same way, but i see no new feature that could help here. </SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">An alternative is not to schedule automatic firmware updates in WebGUI, but to trigger it by scripting - Embedded GAiA lets you activate immediate search and install of firmware updates usind CLI:</SPAN></P><PRE><SPAN style="font-size: 11pt;">set cloud-services-firmware-upgrade activate true frequency immediately-when-available</SPAN></PRE><P><SPAN style="font-size: 11.0pt;">After a certain number of minutes, you can switch it off again:</SPAN></P><PRE><SPAN style="font-size: 11pt;">set cloud-services-firmware-upgrade activate false<BR /></SPAN></PRE><P><SPAN style="font-size: 11.0pt;">This can either be perfomed using any GAiA devices System Management &gt; Job Scheduler page or by activating the crond on the SMB unit, see my CheckMates article </SPAN><A _jive_internal="true" href="https://community.checkpoint.com/docs/DOC-2617-perform-scheduled-scripted-tasks-on-smb-devices">Perform scheduled scripted tasks on SMB devices.</A><SPAN style="font-size: 11.0pt;"><BR /></SPAN></P><P><SPAN style="font-size: 11.0pt;">&nbsp;</SPAN></P><P>Dieses Dokument wurde aus folgender Diskussion erzeugt:&nbsp;<A href="https://community.checkpoint.com/thread/7843">SMB Cluster automatic firmware updates</A></P></BODY></HTML> Thu, 24 May 2018 13:50:01 GMT G_W_Albrecht 2018-05-24T13:50:01Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-automatic-firmware-updates/m-p/40063#M1640 <HTML><HEAD></HEAD><BODY><P>At the first glance, it is a welcome feature to let the SMB update itself to the most recent firmware. Of course, there is always a chance of side effects <span class="lia-unicode-emoji" title=":winking_face:">😉</span> Usually, the update and reboot can occur at a scheduled off hour, so the impact is very low as the reboot takes about 3mins.</P><P></P><P>In a HA config with clustered SMBs we could expect the update to be handled differently on actve and standby node. But f<SPAN style="font-size: 11.0pt;">irmware is not synchronized, each member has to upgrade individually. &nbsp;It is not possible to set a different time for the search for firmware updates on the nodes, so both will always have the same time for update and make that three minute gap inevitable. A possible workaround is to set the date on each member with ~5m difference.</SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">This a a CP statement from Mai 2015 - i just wonder if it is still working the same way, but i see no new feature that could help here. </SPAN></P><P></P><P><SPAN style="font-size: 11.0pt;">An alternative is not to schedule automatic firmware updates in WebGUI, but to trigger it by scripting - Embedded GAiA lets you activate immediate search and install of firmware updates usind CLI:</SPAN></P><PRE><SPAN style="font-size: 11pt;">set cloud-services-firmware-upgrade activate true frequency immediately-when-available</SPAN></PRE><P><SPAN style="font-size: 11.0pt;">After a certain number of minutes, you can switch it off again:</SPAN></P><PRE><SPAN style="font-size: 11pt;">set cloud-services-firmware-upgrade activate false<BR /></SPAN></PRE><P><SPAN style="font-size: 11.0pt;">This can either be perfomed using any GAiA devices System Management &gt; Job Scheduler page or by activating the crond on the SMB unit, see my CheckMates article </SPAN><A _jive_internal="true" href="https://community.checkpoint.com/docs/DOC-2617-perform-scheduled-scripted-tasks-on-smb-devices">Perform scheduled scripted tasks on SMB devices.</A><SPAN style="font-size: 11.0pt;"><BR /></SPAN></P><P><SPAN style="font-size: 11.0pt;">&nbsp;</SPAN></P><P>Dieses Dokument wurde aus folgender Diskussion erzeugt:&nbsp;<A href="https://community.checkpoint.com/thread/7843">SMB Cluster automatic firmware updates</A></P></BODY></HTML> Thu, 24 May 2018 13:50:01 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-automatic-firmware-updates/m-p/40063#M1640 G_W_Albrecht 2018-05-24T13:50:01Z