Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dave_Taylor1
Collaborator
Jump to solution

Production cluster upgrade R77.30 to R80.10

We attempted to upgrade a production cluster today from R77.30 to R80.10. We started with the standby first. Once upgraded it was not able to fetch policy.  It indicated a version mismatch.

We didn’t want to upgrade the active since it was handling production data and we didn’t want to block ourselves from access.

what is the recommendation path to upgrade a production cluster?

 

 

0 Kudos
3 Solutions

Accepted Solutions
Maarten_Sjouw
Champion
Champion

Is this centrally managed (separate management server) if so when you say I was doing a fetch policy, this will not work when you have not changed the version of the cluster and pushed the policy first, It needs to be compiled for the R80.10 version first on management.
When you install policy you need to untick the Install Mode option that when you push to a cluster it will not push when either member fails, like this:

Install Mode R80.PNG
So you want 1 member to be pushed while the other fails as the versions of the 2 members are different.
Now your upgraded member will have the new policy loaded and you will be able to continue your steps.

Regards, Maarten

View solution in original post

0 Kudos
Vladimir
Champion
Champion

Have you changed the Cluster version to R80.10 AND Unchecked the box "For gateway clusters, if installation on a cluster member fails, do not install on that cluster"?

 

If the above two steps are done and changes are published, you should be able to install the policy from the SmartConsole.

It will fail on the cluster member running R77.30 and will succeed on the cluster member running R80.10.

Monitor the progress of the policy installation by clicking "Details" and watching it being applied on individual cluster members.

Then follow the "connectivity upgrade" instructions to complete the upgrade of the cluster.

 

View solution in original post

0 Kudos
Vladimir
Champion
Champion

Glad it worked.

It is actually in documentation but, perhaps, worded a bit differently.

If the answer above was helpful, please click on "Accept as Solution" button under it. 

Regards,

Vladimir

View solution in original post

0 Kudos
13 Replies
JozkoMrkvicka
Authority
Authority

Have a look on Check Point Backward compatibility Map.

In order to upgrade gateway to R80.10, you first need to upgrade management to R80.10 or R80.20.
Security gateway with R80.10 cannot be managed from R77.30 management server.

Kind regards,
Jozko Mrkvicka
0 Kudos
Dave_Taylor1
Collaborator

Thanks for your advice. I am aware the management has to be R80.10.

I was speaking of the cluster gateway.

This has been resolved.

0 Kudos
Maarten_Sjouw
Champion
Champion

Is this centrally managed (separate management server) if so when you say I was doing a fetch policy, this will not work when you have not changed the version of the cluster and pushed the policy first, It needs to be compiled for the R80.10 version first on management.
When you install policy you need to untick the Install Mode option that when you push to a cluster it will not push when either member fails, like this:

Install Mode R80.PNG
So you want 1 member to be pushed while the other fails as the versions of the 2 members are different.
Now your upgraded member will have the new policy loaded and you will be able to continue your steps.

Regards, Maarten
0 Kudos
Dave_Taylor1
Collaborator

I tried this option and had no luck. It still gave me the same error

0 Kudos
Vladimir
Champion
Champion

Have you changed the Cluster version to R80.10 AND Unchecked the box "For gateway clusters, if installation on a cluster member fails, do not install on that cluster"?

 

If the above two steps are done and changes are published, you should be able to install the policy from the SmartConsole.

It will fail on the cluster member running R77.30 and will succeed on the cluster member running R80.10.

Monitor the progress of the policy installation by clicking "Details" and watching it being applied on individual cluster members.

Then follow the "connectivity upgrade" instructions to complete the upgrade of the cluster.

 

0 Kudos
Dave_Taylor1
Collaborator

I tried this in the lab and it worked.

Thank you, very much!

I have yet to find “This” portion mentioned in any documentation. 

0 Kudos
Vladimir
Champion
Champion

Glad it worked.

It is actually in documentation but, perhaps, worded a bit differently.

If the answer above was helpful, please click on "Accept as Solution" button under it. 

Regards,

Vladimir

0 Kudos
Martin_Valenta
Advisor
0 Kudos
Dave_Taylor1
Collaborator

I read documentation. Thanks.

0 Kudos
RickLin
Advisor
Advisor

Reference the Best Practices Guide is the first thing, I think you should do the upgrade in your lab first.

Or you can reference your local SI or CheckPoint Professional Service who have rich experience about ClusterXL upgrade.

Besides, the R80.x Security Management needs more and more hardware resource, include the Hard Disk I/O and space. 

0 Kudos
Dave_Taylor1
Collaborator

Thanks. That is my next step.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

More see here:

R80.x - cheat sheet - ClusterXL

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Yogesh_Vashisht
Explorer

Hi All, 

This post is very helpful.

Just wondering if someone can also help in confirming if any Hotfix installation is mandatory while upgrade cluster from R77.30 to R80.10 ?

We are using VRRP and DA Build number: 1786 (agent build is up to date) already on devices.

Thanks in advance!

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events