Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
smadaan
Explorer

Remote access after upgrade to R81.20

Hi Team,

 

I need to upgrade our Checkpoint security gateways to R81.20 using Ansible automation. I have two queries is it mandatory to run upgrade from console or ssh access will still work after upgrade on initial policy. Also what is the way to run upgrade command in interactive mode as once the gateway reboots , I am not getting any response in non interactive mode 

 

Thanks

0 Kudos
1 Reply
Erik_Lagzdins
Employee Employee
Employee

Hello,

There are several factors to consider before planning your upgrade. Are your firewalls clustered? What version are you starting from? Do you plan to perform a fresh install, or an in-place upgrade?

For in-place upgrades of clustered firewalls, I currently recommend using the automated CDT tool (sk111158). This tools runs from the management server or MDS and will upgrade the firewalls in sequence starting with the standby member with a stateful failover in between.

For upgrades using Ansible, we do not have Gaia modules that perform package installations yet which means you would need to create a playbook using the default Ansible shell/command modules to perform the upgrade flow. Ansible is intended to automate configuration not necessarily upgrade devices, but it can be done.

Here's a simple example of a blink shell task that performs a clean install of a desired FW blink package but also completes the first time wizard based on the answers.xml file, and additional clish configuration based on the blink_custom_content.tgz. I recommend getting familiar with blink to understand all the options if you plan to use a method like this (sk120193).

- name: "Execute the blink"
   shell: blink -i "{{ fw_build_image }}" -u "{{ blink_dir }}user_updates/blink_custom_content.tgz" -a "{{ blink_dir }}installation_logic/answers.xml" --reimage --delete-old-partition && reboot

0 Kudos
Upcoming Events

    CheckMates Events