This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alvine12
Explorer
Tuesday

Migrate Mangement Server R80.40 to R81.20

Hello community,

I am planning to upgrade my Security Management Server from R80.40 to R81.20.
Before proceeding, I would like to confirm the best and safest method recommended by the community and Check Point experts.

My environment:

  • Management Server running R80.40
  • Upgrade target: R81.20 (Blink or CPUSE package)
  • I want to avoid issues related to Upgrade Tools versioning, disk space usage, CPUSE repository errors, or migration failures

So I would like to ask:

What is the safest upgrade method for R80.40 → R81.20?

  • In‑place upgrade through CPUSE?
  • Or Advanced Upgrade (export with migrate_server, clean install, then import)?

I would appreciate any recommended best practices or lessons learned from administrators who already performed this upgrade.

Thank you!

0 Kudos
4 Replies
_Val_
Admin
Admin
Tuesday

Physical appliance or a virtual machine? If former, which model? If latter, which platform?

Also, why don't you upgrade to the recommended version, R82, and stay two versions behind with your management server?

0 Kudos
Alvine12
Explorer
Tuesday
In response to _Val_

Thank you for your feedback.
Here are the details of my Management Server:
Product version: Check Point Gaia R80.40
OS build: 294
Edition: 64‑bit
My Management Server runs on a Virtual Machine on VMware ESXi (vSphere).
At the moment, I cannot upgrade the Management Server to R81.20 because I still have one cluster gateway running R80.40. I plan to migrate this cluster later, but for now the management must remain compatible with this older version.
This is why I am targeting R81.20, which still supports managing R80.40 gateways until I complete the gateway upgrades.

 

0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
Tuesday
In response to Alvine12

On VMware I would always prefer upgrade using migrate export and import.

You can easily create a dummy vlan on VMware and clean install R81.20 on a new virtual machine with productibe IP attached to this vlan and install latest jumbo.

Then you can easily import the migrate export on this management server and if you want check everything wih a virtual client in the same vlan.

once all good you can assign any dummy vlan to the production management and get the new vm into production vlan to set it into production 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
_Val_
Admin
Admin
Tuesday

Here is what AI Copilot is saying about this:

This is Check Point AI Assistant.

Upgrading your Security Management Server from R80.40 to R81.20 is a significant step, and your focus on safety and best practices is excellent. Below, I’ll summarize the safest upgrade methods, community recommendations, and key best practices for your scenario.

Safest Upgrade Method: R80.40 → R81.20

1. Upgrade Methods Overview

Method Description Pros Cons
In-place Upgrade Use CPUSE or Blink to upgrade the existing server directly. Faster, less downtime, preserves settings Risk of leftover issues, disk space, or repository errors
Advanced Upgrade Export database (migrate_server), clean install R81.20, then import. Cleanest, resolves legacy issues, best for major upgrades More downtime, requires new VM or hardware

2. Check Point & Community Recommendations

Check Point Best Practice

  • Advanced Upgrade is generally recommended for major version jumps (like R80.40 → R81.20), especially if:
    • The server has been upgraded multiple times before.
    • You want to minimize the risk of legacy issues.
    • You have enough resources to perform a clean install and migration.

In-place Upgrade (CPUSE/Blink)

  • Suitable if your environment is simple, disk space is sufficient, and you have not experienced previous upgrade issues.
  • Risks: Disk space, repository errors, or leftover configuration problems.

Advanced Upgrade (Export/Import)

  • Steps:
    1. Export the management database using the latestmigrate_servertool from R81.20.
    2. Clean Install R81.20 on new hardware/VM or after wiping the current server.
    3. Import the database.
  • Benefits: Clean OS, resolves legacy issues, and is the safest for long-term stability.

3. Best Practices & Lessons Learned

Preparation

  • Backup: Take a full backup and snapshot of your current server.
  • Disk Space: Ensure at least 20–30 GB free disk space before starting.
  • Upgrade Tools: Always use the latestmigrate_servertool from the R81.20 package, even when exporting from R80.40.
  • Check Compatibility: Verify all connected gateways and clients are compatible with R81.20.

During Upgrade

  • Test in Lab: If possible, perform a test upgrade in a lab environment.
  • Monitor Logs: Watch for errors in/var/log/and CPUSE logs.
  • Network Access: Ensure you have console access in case of issues.

Post-Upgrade

  • Verify Functionality: Check SmartConsole, policy installation, and logs.
  • Reinstall Hotfixes: Any custom hotfixes must be reapplied after upgrade.
  • Update Licenses: Make sure licenses are valid for R81.20.

4. Summary Table

Scenario Recommended Method
Cleanest, safest, major upgrade Advanced Upgrade
Simple, recent install, minimal changes In-place (CPUSE/Blink)

5. References & Further Reading

Final Recommendation

For most production environments, especially with a long upgrade history or complex configurations, the Advanced Upgrade (export, clean install, import) is the safest and most robust method.
If you have a simple, recently installed environment and have validated all prerequisites, an in-place upgrade via CPUSE or Blink can be considered.

Always test the upgrade process in a lab if possible, and ensure you have full backups before proceeding.

If you need step-by-step instructions for either method, let me know!

BE AWARE
Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.
 
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 24 Feb 2026 @ 04:30 PM (EST)

    Las Vegas: MDR/XMDR
    In-Person

    Wed 25 Feb 2026 @ 04:30 PM (MST)

    Tempe, AZ: MDR/MXDR
    In-Person

    Fri 06 Mar 2026 @ 08:00 AM (COT)

    Check Point R82 Hands‑On Bootcamp – Comunidad DOJO Panamá
    In-Person

    Wed 11 Mar 2026 @ 12:00 PM (MDT)

    CheckMates Live Denver!
    CheckMates Events