This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
a month ago
Jump to solution

How to update a GW Azure

Hi all,
I'm running a Check Point gateway in Azure with version R81.20, and I need to upgrade it from one Jumbo Hotfix Take to another. (Maybe the reccomended)
What is the recommended procedure to perform this update in a cloud environment like Azure?
Are there any specific considerations or best practices I should follow?

Thanks in advance for your support!

0 Kudos
5 Solutions

Accepted Solutions
Don_Paterson
Advisor
Advisor
a month ago
Jump to solution

The first link is a key SecureKnowledge article to reference for CloudGuard Network Security in general. The ones below that are good too. 

You should find everything you need them, including best practice. 

There is the option to deploy a new replacement image from the marketplace (which includes the hotfix) but that takes more planning. 

Central Deploy or CPUSE/DA is a good way to go. 

 

https://support.checkpoint.com/results/sk/sk173705 

https://support.checkpoint.com/results/sk/sk109141 

https://support.checkpoint.com/results/sk/sk132192

https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Installation-Uninstall.htm?tocpath=____...

 

View solution in original post

Duane_Toler
Advisor
a month ago
Jump to solution

Jumbo HFA for R81.20 can be updated just like any other gateway using whatever method you prefer.  The coordination of the downtime is up to you and your requirements.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

View solution in original post

Lesley
Mentor Mentor
Mentor
a month ago
Jump to solution

Same as a normal gateway. Maybe worth to make backup/snapshot on Azure level for quick rollback

-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

Amir_Senn
Employee
Employee
a month ago
Jump to solution

You got very good answers from all the best people here, I would just like to add some additional info and recommendations and tips:

  • The only thing that's actually different between on-premise based solution is the upgrade package. We have a dedicated package for upgrade found in first SK below. Just keep in mind for the future. I also believe that this will be eliminated as well in the future.
  • From my experience, the other most noticeable difference is the partition size. In order to keep costs for you as low as possible, the default storage size for our solution is 100 GB. You can increase it during deployment if you wish to suit your needs. I would take this into consideration the next time you install a new Azure solution or increase the amount of storage for existing solution. SK for increasing storage can also be found below. Upgrade packages are imported to /var/log partition.
  • My preferred procedure for upgrading/installing JHF is by using CDT, very powerful tool IMO. For simplicity, I recommend installing the JHF from SmartConsole. I ripped off GIF from sk168597 to show how simple it is:

gif_s202201041901421.gif

 

In-Place Upgrade packages for CloudGuard Network: https://support.checkpoint.com/results/sk/sk177714

How to increase the disk size of a CloudGuard VM for Azure, AWS, GCP, and OCI: https://support.checkpoint.com/results/sk/sk156552

Central Deployment Tool (CDT): https://support.checkpoint.com/results/sk/sk111158

Kind regards, Amir Senn

View solution in original post

the_rock
Legend
Legend
a month ago
Jump to solution

Ola bro,

Everyone is 100% right. You just do it normal way, like you would on say 9300 model via web UI. I just did one recently in Azure like that.

Andy

View solution in original post

7 Replies
Don_Paterson
Advisor
Advisor
a month ago
Jump to solution

The first link is a key SecureKnowledge article to reference for CloudGuard Network Security in general. The ones below that are good too. 

You should find everything you need them, including best practice. 

There is the option to deploy a new replacement image from the marketplace (which includes the hotfix) but that takes more planning. 

Central Deploy or CPUSE/DA is a good way to go. 

 

https://support.checkpoint.com/results/sk/sk173705 

https://support.checkpoint.com/results/sk/sk109141 

https://support.checkpoint.com/results/sk/sk132192

https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Installation-Uninstall.htm?tocpath=____...

 

Duane_Toler
Advisor
a month ago
Jump to solution

Jumbo HFA for R81.20 can be updated just like any other gateway using whatever method you prefer.  The coordination of the downtime is up to you and your requirements.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
Lesley
Mentor Mentor
Mentor
a month ago
Jump to solution

Same as a normal gateway. Maybe worth to make backup/snapshot on Azure level for quick rollback

-------
If you like this post please give a thumbs up(kudo)! 🙂
Amir_Senn
Employee
Employee
a month ago
Jump to solution

You got very good answers from all the best people here, I would just like to add some additional info and recommendations and tips:

  • The only thing that's actually different between on-premise based solution is the upgrade package. We have a dedicated package for upgrade found in first SK below. Just keep in mind for the future. I also believe that this will be eliminated as well in the future.
  • From my experience, the other most noticeable difference is the partition size. In order to keep costs for you as low as possible, the default storage size for our solution is 100 GB. You can increase it during deployment if you wish to suit your needs. I would take this into consideration the next time you install a new Azure solution or increase the amount of storage for existing solution. SK for increasing storage can also be found below. Upgrade packages are imported to /var/log partition.
  • My preferred procedure for upgrading/installing JHF is by using CDT, very powerful tool IMO. For simplicity, I recommend installing the JHF from SmartConsole. I ripped off GIF from sk168597 to show how simple it is:

gif_s202201041901421.gif

 

In-Place Upgrade packages for CloudGuard Network: https://support.checkpoint.com/results/sk/sk177714

How to increase the disk size of a CloudGuard VM for Azure, AWS, GCP, and OCI: https://support.checkpoint.com/results/sk/sk156552

Central Deployment Tool (CDT): https://support.checkpoint.com/results/sk/sk111158

Kind regards, Amir Senn
RemoteUser
Advisor
a month ago
In response to Amir_Senn
Jump to solution

Thank you all for the thorough answers. It’s just as I imagined, my only concern was whether, being in the cloud, there might be special Jumbo updates or dedicated links to download them, similar to how it works with their images.
But you've now clarified that they can be upgraded just like regular gateways.

the_rock
Legend
Legend
4 weeks ago
In response to RemoteUser
Jump to solution

Glad we can help bro!

Andy

0 Kudos
the_rock
Legend
Legend
a month ago
Jump to solution

Ola bro,

Everyone is 100% right. You just do it normal way, like you would on say 9300 model via web UI. I just did one recently in Azure like that.

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events