just compared the release notes R81.10 vs. R81.20. (supported upgrade path > upgrade methods)

I wonder, if R81.10 only supports Hotfix update and R81.20 does support all.

This would means I need to check every single word in the release notes. If the GUI shows the functionality it usually provides it.

just found an error, tcp port 18208 (cprid: checkpoint remote install daemon) from mgmt server to gateway is blocked.

will try to get it open, takes a day to get this done.

Management versions R81, R81.10, and R81.20 all support using SmartConsole to distribute and install major version upgrades on firewalls. Management R80.40 and earlier only supported distributing and installing jumbos.

Yes, CDT uses CPRID to send files (the upgrade package) to and run commands (like to import the package, run the upgrade, etc.) on the firewalls. You need 18208 for it to work. Once you have CPRID working, you can use it to do some other interesting things. yourself, like my script to find differences between cluster members' configurations.

"Clean install" via CPUSE doesn't switch your filesystem. Only a clean install via ISOmorphic will do that.

thank's for clarifying, there is a small difference in the documentation wording "Central Deployment" (the GUI one) and "Central Deployment Tool" (CLI)

Aditional question: does Central Deployment do a clean install or only upgrade ?

afaik normal upgrade does migrate all the configuration (kernel module configs etc) and clean install does not, but clean install upgrades Kernel Version and Filesystem from ext3 to xfs.

just saw from a comment of @PhoneBoy and interpretation of the website with images I can download...

There are 2 installation options:

fresh install with ISO/USB  named "clean install" is the only way to add changes like file system e.g. ext3 to xfs.
But as we make a new system we also have a complete downtime. Its like a complete new install.

upgrade (in-place upgrade) no matter if it is clean install or upgrade, it does not change the file system but kernel should be changed also.
- clean install with CPUSE will not migrate the special configs e.g. kernel.conf
- upgrade with CPUSE will migrate all the configs

For Both there is a the Blink Image (Fast deployment) or a "normal" one, the blink has the latest hotfixes, the normal image almost has not hotfixes afaik.

Hope this is correct, whoever decided to use the term "clean install" for upgrade and also for real fresh install. Seeing repeating discussions in the community forum.

That sounds about right. Also, keep in mind that when using blick image, upgrade seems to be faster.

Best,

Andy

do you know about any problems for upgrading vsx with blink ?

Just saw the hint in R81.20 sk https://support.checkpoint.com/results/sk/sk17390

section downloads and install. (not available for R81.10)

Really again a another restriction? Only for R81.20 because not restriction found for R81.10 in a document.

* Gaia Fast Deployment (Blink) does not support the VSX upgrade.