Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dyslexic155
Participant

Best practice for Upgrade from R80.10 to R80.40

Hello Experts,

We are planning to upgrade our Environment:

Check Point Security Management – Vmware – R80.10 take 462

Check Point Security Gateway 5400 - 1632BA1462 – R80.10 take 462

Check Point Security Gateway 5400 - 1632BA1426 – R80.10 take 462

I have got a couple of questions here:

1) Is it recommended to upgrade from clish, or cpuse or both are the same?

2) Is it better to upgrade the SMS before the gateways?

3) Is the "snapshot" the best backup option in case of upgrade or there is a better option? for both Gws and SMS

4) What's the difference between blink/clean install and upgrade, and which one I should install if am planning to install the latest HF?

 

Clean.jpg

 

Thanks in advance,

0 Kudos
Reply
7 Replies
ottawacanada150
Advisor

Let me try answer your questions the best of my ability and knowledge : )

1) Is it recommended to upgrade from clish, or cpuse or both are the same? Its RECOMMENDED via cpuse. Its possible via clish, but I dont know anyone that does it that way these days.

2) Is it better to upgrade the SMS before the gateways? Thats ALWAYS a must. Otherwise, if you do it the other way around, you cant manage the gateways via server before they are on at least same version.

3) Is the "snapshot" the best backup option in case of upgrade or there is a better option? for both Gws and SMS. You can take snapshot, but backup is enough. If you really want to be safe, take both.

4) What's the difference between blink/clean install and upgrade, and which one I should install if am planning to install the latest HF? Difference is this...think about it if you were to upgrade your home router...it just gets new firmware and if you do clean install, it installs blank version with no config at all. As far as latest HFA, that is checked automatically after upgrade.

I had done upgrade many times, so be free to message me privately if you have any concerns or other questions and I am happy to help you.

 

Cheers and be safe!

Andy

Bob_Zimmerman
Advisor

1) CPUSE is the tool used to update or upgrade. You can interact with CPUSE via the web UI or via clish. The results are identical. I prefer using clish, as I can write out exact commands well ahead of the upgrade window. As opposed to having to tell a person "Click on this, then click on that, then click on the other thing.", I can say "Copy all of these commands, paste them into the CLI, and wait ten minutes." Execution effort goes way down, which 2-AM-Zimmie appreciates.

2) I know R80.10 management actually can manage higher-version firewalls. You just don't get most of the new features from the new firewall version. Improvements to existing features generally work. I suspect this is a pretty rare situation to be in, though, as a SmartCenter or MDS is generally much less political effort to upgrade than a firewall.

0 Kudos
Reply
Dyslexic155
Participant

Hi Andy,

Thanks alot for your detailed feedback, helped me to sort things out.

For the last point am still confused, does this mean that if I use the "clean install", I will have to restore/import a backup to restore the data? But if I just upgrade, it will be upgraded with all the data with no need to restore a backup?

Thanks again,

0 Kudos
Reply
G_W_Albrecht
Champion
Champion

In-Place CPUSE update will keep all the data with no need to restore a backup. Clean install will need the config export from clish for the GWs and migrate_server export from SMS.

0 Kudos
Reply
Dyslexic155
Participant

A snapshot is no use here as it will restore the old OS?

0 Kudos
Reply
Dov_Fraivert
Employee
Employee

Hi Dyslexic.

If you do an Upgrade via CPUSE is automatically created a snapshot.

The differences between Blink images and "old type" of images are:

1) Each Blink image allows to install a specific role of a machine (GW/MGMT/MDS)- resulting in faster installation.

2) Blink image can contain Jumbo, and it allows to install version + the latest jumbo in a single step.

The Blink image for R80.40+JHF T89 GW allows clean install or upgrade.

The Blink image for R80.40+JHF T89 MGMT allows clean install only. But we plan that the blink with the next jumbo (or one after that) will allow upgrade for MGMT as well.


Regards,

ottawacanada150
Advisor

Dont use snapshot, it takes way too much space and you probably wont need it...backup is fine. In worst case, if upgrade fails or something is not compatible, it will revert it anyway.

0 Kudos
Reply