cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

How to migrate Full HA Cluster(r77.30 to r80.10)?

We have Full HA Cluster(as described in sk60443) on 4600 appliances R77.30. We want to migrate all configuration from it to 5400 appliances R80.10. How to make it correctly?

Tags (3)
14 Replies
Admin
Admin

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

0 Kudos

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

Thank you for response. So, if I uderstood correctly, we have to upgrade on 4600 cluster and after that run migrate export/import and save/load configuration commands on respective appliances? Will this be enough to move completely from one to another appliance?

0 Kudos
Olga_Kuts
Silver

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

Hi Dameon,

As I understand we can use migration tools from R77.30 to R80.10. Will this be enough? I want to note that we need no only upgrade, but move configuration for another appliance.

0 Kudos
Vladimir
Pearl

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

What are your target appliances models?

0 Kudos
Olga_Kuts
Silver

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

From 4600 to 5400, as Serhii described above. Full HA Cluster configuration.

0 Kudos
Vladimir
Pearl

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

Sorry, didn't register first time around.

I've never done a full HA upgrades myself, but this looks to be the safe approach:

1. "Migrate Export" using old version of migration tools on old active cluster member

2. "Migrate Import" on the same version in intermediate VM environment

3. Install R80.10 migration tools in VM

4. Run pre-upgrade verifier

5. Remedy all conflicts discovered by verifier

6. Perform migrate export

7. configure the new cluster for full-HA in isolated environment (you can use offline CPUSE packages to get the version up to date)

8. Perform migrate import

9. Swap the units in production environment 

0 Kudos
Oliver_Fink
Nickel

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

I am not too familiar with Full HA Cluster, but some of our customers have one. My 2 cents are that I would run "migrate export" on the primary security management server. I would make it the active cluster member before.

Maybe this is not necessary, but I like to be on the safe side.   

0 Kudos

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

Runing migrate export is certainly good practise, but why when it is active node ? That is a thing i would never recommend to anyone !

0 Kudos
Oliver_Fink
Nickel

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

After thinking about it for a moment I am quite sure that you are right: No need to use the active member. But I still would look for the primary SMS for migrate export.

0 Kudos

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

According to documentation, this is the ONLY way to do it - all you can save from sec SMS node is the GAiA config, as the SMS part is installed by the first sync !

0 Kudos
Danny
Pearl

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

Keep in mind that R80.10 management requires significantly more memory than R77.x management does. So your 5400 appliances should have at least 16GB RAM, 32GB would be better.

In your case I'd recommend:

  1. perform a fresh install of R80.10 (or R80.20) on the new 5400 appliances using the latest ISO build
  2. run the 1st time installation wizard and complete your basic OS configuration (Hostname, DNS, NTP, Routes, ..)
  3. use Check Point's R80.10 Upgrade Verification and Environment Simulation service
  4. download the latest Management Server Migration Tool and scp it to your primary 4600 appliance
  5. run the included pre-upgrade verification tool and check for any warnings or errors -> resolve them
  6. migrate export your R77.30 configuration with the downloaded Migration Tool and scp it over to your 5400 appliances
  7. migrate import your configuration, install database and policy, verify and test your migrated Full-HA cluster
  8. switch cables from your 4600 to your new 5400 appliance cluster
Olga_Kuts
Silver

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

Thanks a lot!

As for 3rd point:  Check Point's R80.10 Upgrade Verification and Environment Simulation servicenot support StandAlone installation unfortunately. 

And what about Security Gateway which is installed on this appliance too?

Also want to add that migrate export doesn't save Gaia OS configuration. I think we should save it separate.

0 Kudos

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

You will find all needed information in sk108902 Best Practices - Backup on Gaia OS ! But i have to add that Full HA Cluster is not the configuration of my choice at all - if possible, make this move completely satisfying by changing to a distributed deployment with SMS in VM and 5400 GW cluster.

0 Kudos

Re: How to migrate Full HA Cluster(r77.30 to r80.10)?

You can run pre_upgrade_verifier script on full ha primary machine without issue. And yes, you need to backup Gaia OS configuration and prepare your draft to new platform.

0 Kudos