This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
velo
Collaborator
‎2026-01-09 06:35 AM

Upgrade 81.20 to 82.x

Has anybody successfully upgraded from 81.20 to 82.x yet?

I'm looking to upgrade from 81.20 to 82.x. My setup is Security Gateways (Clusters) on 81.20, and centrally managed with SMS server on 81.20 as well. 

From the documentation, I can see that the upgrade from 81.20 to 82.x is supported on both Security Gateway, and SMS:

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_RN/Content/Topics-RN/Supported-Upg...

For  the upgrade methods I can see the following supported methods:

SMS Server supports (Gaia Fast Deployment Upgrade)

Security Gateways supports (Central Deployment in SmartConsole)

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_RN/Content/Topics-RN/Supported-Upg...

My upgrade approach is the following:

1. Backup the SMS server.

2. Upgrade the SMS server using Gaia and CPUSE

upgrade.png

 

3. Backup the Security Gateways

4. Use the Central Deployment tool in Smart Console to upgrade each cluster (Right click cluster | Actions | Version Upgrade")

This is usually the approach I use for hotfix upgrades, and it has always gone smoothly. I want to follow the same approach for major version upgrade. Please could my approach be validated?

Thank you

 

 

 

 

0 Kudos
10 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-01-09 07:05 AM

I did in the lab the other day actually, all through smart console, worked fine, no issues. Yes, took some time, but all went well.

Best,
Andy
0 Kudos
(1)
velo
Collaborator
‎2026-01-12 01:08 AM
In response to the_rock

Thanks Andy. I am going to try and lab it also. 

Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-01-09 09:18 AM

My team upgraded all of our managements the week after R82 was declared the recommended version. We also upgraded about ten clusters a week or two after that, including five of them in a single CDT action.

Blink failed to upgrade our managements to R82 jumbo 34. Maybe it will work to jumbo 44 for you. I would download the R82 upgrade image and jumbo 44 to keep locally on the boxes in case you need to do the upgrade and jumbo separately. Note that management upgrades to a new major version often take 2+ hours. If you have to do the two-step process, the jumbo takes much less time than the upgrade does.

Once you have the management upgraded, import the packages into the SmartConsole package repository. That upgrade method works really well for firewalls. Select one or more clusters, right-click, Actions > Version Upgrade, and point it to R82.

0 Kudos
(1)
velo
Collaborator
‎2026-01-12 01:11 AM
In response to Bob_Zimmerman

Thanks for that. In the past when I have downloaded the package for the firewalls, it stills seems to download from the internet when you start the update. So I stopped doing that. 

Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-01-12 07:03 AM
In response to velo

If the system is downloading the upgrade image again, then something is wrong with how you imported the image you downloaded beforehand. I find the User Center is always misbehaving at exactly the wrong moment (down for maintenance, it takes over an hour to download anything, or whatever), so I keep local copies of the latest CPUSE build, the ISO and CPUSE package for each major version we run, and all the jumbos we run. I copy them to the systems well ahead of my windows, and the systems never download any of them directly from Check Point. It keeps the upgrade windows predictable.

0 Kudos
Alex-
MVP Silver
MVP Silver
‎2026-01-09 01:55 PM

If your SMS runs on VMWare, it's worth it to perform an advanced migration.

This way you can reinstall a new VM with RH8 template + Paravirtual which brings noticeable performance improvements.

(1)
velo
Collaborator
‎2026-01-12 01:12 AM
In response to Alex-

Thanks, I will look into that.

velo
Collaborator
‎2026-01-12 02:28 AM
In response to Alex-

The problem with this is I will have to have a parallel instance on a different IP? Would you do the migration, then shut down the old one, and change the IP of the new one to be the same as the old one? I would have thought changing the IP might cause some issues. 

Alex-
MVP Silver
MVP Silver
‎2026-01-12 05:36 AM
In response to velo

Typically I save the CLISH configuration of the current one and any specific configuration, perform the migrate_server export -v R82, the disconnect the NIC of the existing one, spin up a new VM with R82, stage it with the same IP, FTW, jumbo, migrate_server import -v R82 and that's enough to get started.

0 Kudos
NicklasBargell
Employee Employee
Employee
‎2026-01-12 05:21 AM

I would also perform a migrate_server on the SMS just to be safe. Here is some useful documentation:
sk108902 - Best Practices - Backup on Gaia OS
migrate_server

Regards,

Nicklas

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events