This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DanielEl
Participant
a week ago

SMS Azure Upgrade

Hi Team,

I’m after some insights about upgrading a SMS in Azure from R81.10 to R81.20 as I’ve got entry level experience with Azure.

In place upgrade (https://support.checkpoint.com/results/download/133468) didn’t work throwing an error about partition  “Your partitions are not in Check Point standard format, and an upgrade is not possible. Reinstall your system and verify correct partitioning.” As per sk180769, it looks in place upgrade is not supported.

We're currently considering carrying out an advanced upgrade, however I'm unsure about a few points in Azure. My approach is as follows:

  1. download and install R81.20 upgrade tools on R81.10 SMS
  2. run an upgrade verify, followed by addressing any error, warnings, etc.
  3. export the DB, and copy it out verifying its checksum
  4. shut down the R81.10 SMS, de-associating it’s vNIC
  5. build the new R81.20 SMS from marketplace in the same region (do we need to create a new resource group for it?), having the same name as the R81.10 SMS
  6. associate R81.10’s NIC to R81.20 SMS
  7. install the latest HFA
  8. import the DB

Points 4-6 are bit blurry to me, is this the right approach, did anyone out there go through the same?

Just to note that I went through sk155632 our SMS doesn't have a public ip address as alias just a single private ip address

Labels
Preview file
32 KB
0 Kudos
9 Replies
Nir_Shamir
Employee Employee
Employee
Saturday

Hi,

1-3 are OK.

then you just build a new r81.20 SMS, you don't need to change it's IP address. Just import the DB file to it and import the DB to build you old SMS.

Then change the license to the new IP address and install it on the new SMS and you are set. You will have SIC connectivity with your GW because it's the same DB and certificates.

the_rock
Legend
Legend
Sunday

I had done in-place upgrade couple times and worked without any issues.

Andy

0 Kudos
DanielEl
Participant
Sunday
In response to the_rock

Thanks Andy,

We did raise a ticket with TAC to get their confirmation "I verified the in-place upgrade method would not work for that Azure image, which was deployed in 2022. The only method for this upgrade would be the side-by-side upgrade"

the_rock
Legend
Legend
Sunday
In response to DanielEl

Makes sense...I can totally see logic in what they told you, since I believe in place upgrade became available in 2023, if I recall correctly.

Andy

0 Kudos
Amir_Senn
Employee
Employee
Monday
In response to the_rock

It's because of the multiple partitions. Also not supported for on-prem for upgrading to R81.20.

Kind regards, Amir Senn
Amir_Senn
Employee
Employee
Sunday

We have a dedicated admin guide for upgrading, I suggest following them:

sk162365: Upgrade/Update documentation for CloudGuard Network Security in Public Cloud

sk155632:  How to perform Advanced Upgrade for CloudGuard Network Security Management in AWS, Azure,...

 

Kind regards, Amir Senn
(1)
the_rock
Legend
Legend
Sunday
In response to Amir_Senn

I remember following 1st link both times.

Andy

0 Kudos
DanielEl
Participant
Tuesday

Came across a fantastic video for Chris Martel showing exactly what we're after: https://www.youtube.com/watch?v=dm80UUlsKTI

(1)
the_rock
Legend
Legend
Tuesday
In response to DanielEl

Amazing reference, thank you for that!

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events