This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fjulianom
Advisor
‎2024-09-09 02:28 AM

Doubts about upgrading MDS and SmartEvent server

Hi community,

 

I am in the way of upgrading my customer's MDS and SmartEvent server and have some doubts. The following is said in the R81.20 upgrade guide:

mds_upgrade.PNG

a) After upgrading the MDS, in point 5 when upgrading the SmartEvent server with CPUSE, don't I need to select R81.20 version in the SmartEvent object in SmartConsole first?

b) After upgrading the SmartEvent server, in point 7 when it says "Select the applicable SmartLSM Security Profile objects", what does it mean? When I click on Install Policy, I only have the options to check the Access Control or Threat Prevention Policy, and the Policy Targets, but I don't see any SmartLSM Security Profile object to select.

c) After finishing point 7, will I see all the Domain Management Servers in R81.20?

d) In point 8, how can I be sure the managament database and configuration were upgraded correctly?

e) No Log Exporter reconfiguration is needed?

 

Regards,

Julián

0 Kudos
12 Replies
AkosBakos
Advisor
‎2024-09-09 05:13 AM

Hi @fjulianom 

Here is a link of an R81.20 upgrade guide.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...

First, check these steps. It seemed you read an older or other version of the upgrade guide.

 

  • In step 6 (answer for "A":

    • Important - If your Security Management Server manages dedicated Log Servers or SmartEvent Servers, you must update the version of the corresponding objects in SmartConsole.

  • In step 9 (answer for "B")
    • Important - This step applies only if you enabled the SmartProvisioningClosed Software Blade on this Management Server

Question "C": the object will be on R81.20, it will change automatically

Question "D": Hard question. First, trust in the software. Second, check "random" rules before and after. 

Question "E": to be 100% sure, save the configuration. Last time when R81.10 -> R81.20 the upgrade kept the config.

 

Akos

 

 

----------------
\m/_(>_<)_\m/
fjulianom
Advisor
‎2024-09-09 06:51 AM
In response to AkosBakos

Hi Akos,

 

Thank you very much for your answer.

Your link is for "Upgrading a Security Management Server or Log Server from R80.20 and higher with CPUSE". The link I made a reference is for "Upgrading one Multi-Domain Server from R80.20 and higher with CPUSE" (Upgrading one Multi-Domain Server from R80.20 and higher with CPUSE). My customer has an MDS environment.

Then:

a) Still confused.

b) According to the guide I made a reference, which I think is the correct one because my customer has MDS environment, it says "Important - This step applies to each Domain Management Server that manages SmartLSM Security Profiles." --> how can I know if my Domain Management Servers manages SmartLSM Security Profiles?

c) OK.

d) OK.

e) OK. Then, if for some reason the Log Exporter configuration is not kept (it happens to me once when upgrading SMS from R80.30 to R81.20), do I only have to paste Log Exporter saved configuration?

 

By the way, it seems your R81.20 upgrade guide for SMS makes more sense, but is for SMS and not MDS.

 

Regards,

Julián

0 Kudos
AkosBakos
Advisor
‎2024-09-09 07:04 AM
In response to fjulianom

a) based on my experiece, the version will automaticly change, because the server upgraded itself. I case of a LogServer, you need to set is manually.

b) You can check here that the SmartProvisionig is enabled or not. 

  • In the Gateways & Servers view, double-click the Multi-Domain Server object.

  • In the General Properties page, go to the Management tab, and select Provisioning.
    2024-09-09 16_03_41-Cloud Demo Server [ID_877653519]-R81.20-SmartConsole.png

e) based on my experience I had to configured manually, but from R81.10 -> R81.20 the config was kept. 

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
fjulianom
Advisor
Thursday
In response to AkosBakos

Hi,

 

Final doubt. If I upgrade MDS to R81.20 JHF T89, does the SmartEvent server have to be upgraded to R81.20 with the same JHF?

 

Regards,

Julián

0 Kudos
AkosBakos
Advisor
Thursday
In response to fjulianom

Yes definitely

----------------
\m/_(>_<)_\m/
fjulianom
Advisor
Thursday
In response to AkosBakos

Hi,

 

But I made a verify update in the SmartEvent server and I get this warning:

warning_cpuse.PNG

If I go to sk164258 I see the following:

alignment.PNG

My SmartEvent server has T79. Then, do I have to install JHF 627? And where is this version? I see all other takes here, but not 627. And in addition, if I am going to upgrade the MDS to R81.20 JHF T89, this same take I must install in the SmartEvent as you confirmed before, right?  All this get me confused. What does it mean?

 

Regards,

Julián

0 Kudos
fjulianom
Advisor
Friday
In response to fjulianom

Hi there, 

 

Does anyone understand the warning I received and the associated sk?

 

Regards,

Julian

0 Kudos
emmap
Employee
Employee
Friday
In response to fjulianom

It's saying that as you have a JHF take on your server currently on the source version, there may be fixes installed that are not included in the GA take of the new version, and thusly you should make sure you install the JHF on the new version after the upgrade. Of course, you should always do that anyway, so it's somewhat redundant as a message.

'R81.20 take 627' is referring to the original GA release build of R81.20, not a JHF take. It's unnecessarily confusing and should probably just say 'R81.20 GA'.

JozkoMrkvicka
Mentor
Mentor
Friday
In response to fjulianom

You have some Jumbo installed on top of R81.10. Based on mentioned sk, you should upgrade to R81.20 and then at least install corresponding Jumbo for R81.10 Take XYZ. It is just to have it on at least same patch level as you had on R81.10.

Let's say, you have R81.10 Take 156 installed. That mesaage says just that you should install (based on table within sk164258) Take 79 on top of R81.20.

Better said, you should not leave R81.20 without any Jumbo installed. 

Upgrade is allowed, that message is just information for you to install corresponding Take on newer version where bugs and new features are included as on current version.

PS: You have CPUSE Deployment agent build 2443 (from July 2024). There is already newer build 2474 available (from October 2024).

Kind regards,
Jozko Mrkvicka
fjulianom
Advisor
yesterday
In response to JozkoMrkvicka

Hi @emmap and @JozkoMrkvicka ,

 

Then, according to the sk, I only need to upgrade to R81.20 GA. But after that, do I need to install JHF T89 as I will do with the MDS? I think so, can you confirm?

And yes, this server has CPUSE DA build 2443 because doesn’t have internet access. I plan to install offline DA build 2474 before upgrading. Thanks for the recommendation.

 

Regards,

Julian

0 Kudos
JozkoMrkvicka
Mentor
Mentor
yesterday
In response to fjulianom

Check Point recommends to install Recommended Jumbo Hotfix Accumulator Take for R81.20.

It doesnt mean you have to install any JHF, but you will face many bugs and not patched security vulnerabilities witbout JHF. It is up to you if you will accept such a breach in production system.

If you do upgrade, why not install latest Recommended JHF ? Doesnt make sense to me.

Kind regards,
Jozko Mrkvicka
the_rock
Legend
Legend
yesterday
In response to JozkoMrkvicka

Toally valid point.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events