Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nicolas_Vanhoek
Participant
Participant

Optimal Service Upgrade of a Security Gateway Cluster R80.30

Morning all.

I was looking at Optimal Service Upgrade from R80.10 to 80.30 (cluster)
"sk107042 ClusterXL upgrade methods and paths " states:

Newly established connections are forwarded to the upgraded cluster members while the cluster members running the previous version continue to inspect the old existing connections.
The more time the upgrade procedure takes, the less old connections exist, and upon stopping the cluster members running the previous version, the connection drop is minimal.
Despite long duration of this upgrade procedure, security and connectivity are fully maintained

But goes against step 4, 8 and 9 of the R80.30 admin guide for OSU
https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gui...

4.Disconnect the upgraded Cluster Members M2 and M3 from their networks.
5.On one of the upgraded Cluster Members (M2), connect the Sync cable.
6.Start the Optimal Service Upgrade - on the Active old Cluster Member M1 and on the connected upgraded Cluster Member M2.
7.Stop the Optimal Service Upgrade - on the Active old Cluster Member M1 and on the connected upgraded Cluster Member M2.
8.Disconnect the Active old Cluster Member M1 from its networks.
9.Reconnect the upgraded Cluster Members M2 and M3 (one by one) to their networks.

That will cause is a complete  outage, there are no cable connected.

Did I miss something ?

Kind regards
Niky V

 

 

 

 
0 Kudos
7 Replies
_Val_
Admin
Admin

Yes, this specific method causes a short downtime when switching from the old to upgraded cluster members.

 

Quoting form the manual: 

Select this method, if security is of utmost concern.

During this type of upgrade, all Cluster Members process the network traffic.

Connections that are initiated during the upgrade stay up through the upgrade. A minimal number of connections that were initiated before the upgrade and were not closed during the upgrade procedure, are dropped after the upgrade.

 

If you are looking for uninterrupted connectivity, chose Connectivity Upgrade instead.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

M2 is synced - so the outage is only between

8.Disconnect the Active old Cluster Member M1 from its networks.

9.Reconnect the upgraded Cluster Members M2 and M3 (one by one) to their networks.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin

Correct. And short interruption is mentioned in the description of the method.

0 Kudos
Nicolas_Vanhoek
Participant
Participant

Thanks to you both, Val and Albrecht .
All that you wrote makes sense to me

however
sk107042 under Optimal Service Upgrade (OSU)
"Despite long duration of this upgrade procedure, security and connectivity are fully maintained"

That is not the case .

This comment needs to be removed.

Kind regards
Niky

 

 

 

0 Kudos
_Val_
Admin
Admin

Noted, I will pass it to the relevant team to check and fix.

_Val_
Admin
Admin

Hi @Nicolas_Vanhoek and all, we have fixing the guide now. 

The instructions in the Installation and Upgrade Guides will be corrected to say "connect all the cables" instead of "connect only the Sync interface"

0 Kudos
Nicolas_Vanhoek
Participant
Participant

Thanks you Val

 

Kind regards

Niky

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events