Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kb1
Collaborator

Guys have an important question regarding downgrading gaia for 5100 appliance

So  we have a 5100 , actually we have two 5100s and we are planning to use them in a cluster (both have just been freshly configured with nothing but ip information so far), below are the details for one of these 5100s-

show asset system
Platform: PB-15-00
Model: Check Point 5100
Serial Number: xxxxxxxxxx
CPU Model: Intel(R) Celeron(R) CPU G1820
CPU Frequency: 2195.026
Number of Cores: 2
CPU Hyperthreading: Disabled

Now the problem is both of these firewalls are running Gaia R80.30 out of the box but our management servers (we have 2 servers primary and secondary) are running R80.20, now is it possible to downgrade these firewalls to R80.20? i know that right now we should all be on R80.30 at least but we are actually planning to upgrade all of our firewalls along with servers to R80.40 next year which will be a separate project. Following link is what i found which makes me think that the firewalls do support R80.20-

https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/htm...

In the above link "5100" is mentioned as one of the supported models, so i guess they do support R80.20?

Also if they do support R80.20 what is the method i should use to downgrade? I do know about the fresh install using the isomorphic tool via usb device, is this the recommended method? And possibly the only method? And the image included in that link above is an iso image by the way.

Thanks and Regards.

0 Kudos
Reply
2 Replies
firewall1-gx
Contributor

Hi kb1,

Your R80.20 SMS can be able to manage R80.30 gateways if have installed JHF take 91 or R80.40 gateways if have installed JHF take 149. Even supported by Check Point and this information is public (sk137592), but due I be a older Check Point user I say: "management server must be on same version of gateway or newest than gateway version".

My recommendation for your case is: 

1 - Upgrade your SMS from R80.20 for R80.30, R80.40 or R81.
2 - Perform a fresh install of both 5100s using ISO image or CPUSE package using fresh install option.

If you don't agree, you can go ahead using the following recomendation, will work for you too, according sk137592.

1- Upgrade your managemente server for latest JHF take.
2- Create a new object cluster R80.30 on your R80.20 management server.

Warm Regards,

Alisson Lima

0 Kudos
Reply
PhoneBoy
Admin
Admin

For various reasons, older R80.x management can manage newer R80.x management.
This is documented and supported on the appropriate JHF level and, other than not being able to fully leverage the features in the newer version, it works and we have many customers doing this.
R81 gateways can only be managed by R81 management.