Upgrading CloudGuard IaaS Security Gateway in Azur... - Page 2

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

R81.20 Single Click VPN
Join The DeepDive Webinar!

What's New In Harmony Endpoint?
Join the TechTalk on Oct 18th!

AI With Check Point -
Security and Strategy

WATCH NOW

Infinity Global Services
Building Cyber Resilience

Learn More!

CheckMates Go:
A Step in the Wrong Direction

LISTEN NOW

YOU DESERVE THE BEST SECURITY
Stay Up To Date

UPGRADE NOW!

Create a Post

CheckMates
:
Products
:
CloudMates Products
:
Cloud Network Security
:
Discussion
:
Upgrading CloudGuard IaaS Security Gateway in Azur...

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

scottikon

Contributor

‎2020-11-17 02:55 AM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

Upgrading CloudGuard IaaS Security Gateway in Azure - What is your experience?

What is your experience with upgrading CGI Security Gateways in Azure?

I understand there are two options: -

1) Deploy new gateway with same IPs and migrate

Deploy new gateway
Stop the new GW in order to change the static IPs associated with the VM instance.
Console on to the new GW to change the IPs in clish.
Detach interfaces on old gateway.
Attach interface on new gateway.
Reset SIC
Install policy

Advantages are that no changes in the routing in Azure is required but does require more downtime as you will need to detach the interfaces on the old GW before attached interfaces on the new GW.

2) Deploy new gateway with new IPs and update UDRs

Deploy new gateway
Create gateway object and set SIC
Update policy with new gateway wherever old gateway is referenced
Re-IP licence and re-attach to new gateway.
Install policy
Update all UDRs to reference new IP/VM

First of all, do the above steps look correct or if anyone can help identify any errors or omissions that would be great.

Secondly, if others have followed this to deploy new versions, how did it go? Any pitfalls, gotchas? What was the downtime?

Thanks

Scott

Advantage is that downtime is minimised as sessions will be interrupted but will then match the policy and connect. Disadvantage, significant more changes in preparation to migrate.

0 Kudos