Create a Post
scottikon
Contributor

Upgrading CloudGuard IaaS Security Gateway in Azure - What is your experience?

What is your experience with upgrading CGI Security Gateways in Azure?

I understand there are two options: -

1) Deploy new gateway with same IPs and migrate

  1. Deploy new gateway 
  2. Stop the new GW in order to change the static IPs associated with the VM instance.
  3. Console on to the new GW to change the IPs in clish.
  4. Detach interfaces on old gateway. 
  5. Attach interface on new gateway. 
  6. Reset SIC
  7. Install policy

Advantages are that no changes in the routing in Azure is required but does require more downtime as you will need to detach the interfaces on the old GW before attached interfaces on the new GW. 

 

2) Deploy new gateway with new IPs and update UDRs

  1. Deploy new gateway
  2. Create gateway object and set SIC
  3. Update policy with new gateway wherever old gateway is referenced
  4. Re-IP licence and re-attach to new gateway.
  5. Install policy
  6. Update all UDRs to reference new IP/VM

 

First of all, do the above steps look correct or if anyone can help identify any errors or omissions that would be great. 

Secondly, if others have followed this to deploy new versions, how did it go? Any pitfalls, gotchas? What was the downtime?

 

Thanks

Scott

 

Advantage is that downtime is minimised as sessions will be interrupted but will then match the policy and connect. Disadvantage, significant more changes in preparation to migrate. 

0 Kudos
1 Reply
This widget could not be displayed.