This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
johnnyringo
Advisor
‎2022-07-30 04:37 PM
Jump to solution

Tips for upgrading HA clusters in GCP

We have some older R80.30 HA BYOL clusters deployed in Google Cloud and I need to start planning how to upgrade to R80.40 or R81.10 while preserving external IP addresses.  I know this can be done by going to deployment manager, deleting the deployment, and selecting the "Keep resources created by it" option, and finally launching a new cluster with the same name.   

The problem though is in Smart Console.  It seems that just changing the management IP addresses and resetting SIC doesn't work.  Instead, I have to completely remove the cluster from SmartConsole, set it up as if it were a new cluster, then re-install policy.  This is fairly time consuming since any "Install on" rules need to be set to "Policy Targets" and then re-entered after the new cluster is up and running.  The cluster also needs to be removed from any VPN communities and inspection rules, which takes additional time.  

Is there an easier way to do this?  I'm currently estimating 3-4 hours downtime per cluster and would really like to get that to under an hour if possible.  

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2022-07-30 07:35 PM
Jump to solution

Are you following the process outlined here or something else?

CloudGuard Network High Availability for Google Cloud Platform R80.30 and Higher Deployment Guide > ....

 

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-07-30 07:35 PM
Jump to solution

Are you following the process outlined here or something else?

CloudGuard Network High Availability for Google Cloud Platform R80.30 and Higher Deployment Guide > ....

 

CCSM R77/R80/ELITE
0 Kudos
johnnyringo
Advisor
‎2022-08-03 09:48 PM
In response to Chris_Atkinson
Jump to solution

Thanks, I had not noticed this section.  It will be a couple weeks before I have time to try this out, but it makes sense.  The only caveat I can see is GCP doesn't allow instances in the same zone to have the same name, but I'd imagine this can be worked around by just selecting different zones for the old and new cluster members.

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2022-07-31 02:57 AM
Jump to solution

Hi,

are you sure you can't just RESET SIC and ReSic the new GWs ? this is usually what I do in any Cluster upgrade in any cloud vendor .

do you get any errors or issues doing this process ?

0 Kudos
johnnyringo
Advisor
‎2022-08-03 09:44 PM
In response to Nir_Shamir
Jump to solution

I'd have to re-lab it, but the problem with just resetting SIC and changing the management IPs is the cluster never forms.  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    Sort by:
    All CloudMates Events