This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Neck
Explorer
Thursday

ClusterXL Gateway Upgrade

I have an older pair of R81.20 HA ClusterXL gateways that I need to upgrade to R82.10. I’ve already built a new management server and migrated the database. This is a KVM environment.

Originally, I planned to do an in-place upgrade on the gateways, but now I’m considering building new gateways instead.

My current thought process is:

1) Shut down the current standby gateway.
2) Deploy a new R82.10 VM to replace it.
3) Assign it the same hostname, interfaces, and IP addresses as the old standby.
4) Re-establish/verify SIC with the management server.
5) Push policy and verify functionality.
6) If everything looks good, fail over traffic to the new gateway.
7) Repeat the process for the second gateway.

Does this sound like a valid approach, or is there a better recommended method for upgrading ClusterXL gateways in a KVM environment?

Thanks!

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
Thursday

I've seen a similar process being followed for physical gateways.
Don't see why it wouldn't work here.

0 Kudos
morris
Collaborator
Thursday

Yes this sound like a valid approach. Don't forget to manual copy custom scripts, configs, cronjobs etc.

Before Failover with step 6), enable Multi-Version Cluster and pay attention to the Limitations:

Multi-Version Cluster Limitations

Martijn
MVP Silver
MVP Silver
yesterday

Hi,

When performing major upgrades, most of the time we re-image the gateways via USB with the new version.
Especially when the gateways have gone through a lot of upgrades and hotfix installations in the past.

The procedure you describe is well documented in the Check Point upgrade guides and is basically a Multi Version Cluster ugrade. When following the MVC procedure, you are good to go.

Good luck!

Martijn 

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
yesterday

That's a good plan. 

Its the cloud way, destroy and redeploy. 

While you are doing the project you could look into automation procedures for the future projects. 

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG...

And/or blink and load configuration clish. 

 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
yesterday

See if below would apply?

https://community.checkpoint.com/t5/Firewall-and-Security-Management/Replace-Upgrade-Cluster/td-p/69...

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events