cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Production cluster upgrade R77.30 to R80.10

Jump to solution

We attempted to upgrade a production cluster today from R77.30 to R80.10. We started with the standby first. Once upgraded it was not able to fetch policy.  It indicated a version mismatch.

We didn’t want to upgrade the active since it was handling production data and we didn’t want to block ourselves from access.

what is the recommendation path to upgrade a production cluster?

 

 

0 Kudos
3 Solutions

Accepted Solutions

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Is this centrally managed (separate management server) if so when you say I was doing a fetch policy, this will not work when you have not changed the version of the cluster and pushed the policy first, It needs to be compiled for the R80.10 version first on management.
When you install policy you need to untick the Install Mode option that when you push to a cluster it will not push when either member fails, like this:

Install Mode R80.PNG
So you want 1 member to be pushed while the other fails as the versions of the 2 members are different.
Now your upgraded member will have the new policy loaded and you will be able to continue your steps.

Regards, Maarten
0 Kudos
Vladimir
Pearl

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Have you changed the Cluster version to R80.10 AND Unchecked the box "For gateway clusters, if installation on a cluster member fails, do not install on that cluster"?

 

If the above two steps are done and changes are published, you should be able to install the policy from the SmartConsole.

It will fail on the cluster member running R77.30 and will succeed on the cluster member running R80.10.

Monitor the progress of the policy installation by clicking "Details" and watching it being applied on individual cluster members.

Then follow the "connectivity upgrade" instructions to complete the upgrade of the cluster.

 

0 Kudos
Vladimir
Pearl

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Glad it worked.

It is actually in documentation but, perhaps, worded a bit differently.

If the answer above was helpful, please click on "Accept as Solution" button under it. 

Regards,

Vladimir

0 Kudos
12 Replies

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Have a look on Check Point Backward compatibility Map.

In order to upgrade gateway to R80.10, you first need to upgrade management to R80.10 or R80.20.
Security gateway with R80.10 cannot be managed from R77.30 management server.

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Thanks for your advice. I am aware the management has to be R80.10.

I was speaking of the cluster gateway.

This has been resolved.

0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Is this centrally managed (separate management server) if so when you say I was doing a fetch policy, this will not work when you have not changed the version of the cluster and pushed the policy first, It needs to be compiled for the R80.10 version first on management.
When you install policy you need to untick the Install Mode option that when you push to a cluster it will not push when either member fails, like this:

Install Mode R80.PNG
So you want 1 member to be pushed while the other fails as the versions of the 2 members are different.
Now your upgraded member will have the new policy loaded and you will be able to continue your steps.

Regards, Maarten
0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

I tried this option and had no luck. It still gave me the same error

0 Kudos
Vladimir
Pearl

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Have you changed the Cluster version to R80.10 AND Unchecked the box "For gateway clusters, if installation on a cluster member fails, do not install on that cluster"?

 

If the above two steps are done and changes are published, you should be able to install the policy from the SmartConsole.

It will fail on the cluster member running R77.30 and will succeed on the cluster member running R80.10.

Monitor the progress of the policy installation by clicking "Details" and watching it being applied on individual cluster members.

Then follow the "connectivity upgrade" instructions to complete the upgrade of the cluster.

 

0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

I tried this in the lab and it worked.

Thank you, very much!

I have yet to find “This” portion mentioned in any documentation. 

0 Kudos
Vladimir
Pearl

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Glad it worked.

It is actually in documentation but, perhaps, worded a bit differently.

If the answer above was helpful, please click on "Accept as Solution" button under it. 

Regards,

Vladimir

0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution
0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

I read documentation. Thanks.

0 Kudos
RickLin
Silver

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Reference the Best Practices Guide is the first thing, I think you should do the upgrade in your lab first.

Or you can reference your local SI or CheckPoint Professional Service who have rich experience about ClusterXL upgrade.

Besides, the R80.x Security Management needs more and more hardware resource, include the Hard Disk I/O and space. 

0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution

Thanks. That is my next step.

0 Kudos

Re: Production cluster upgrade R77.30 to R80.10

Jump to solution
Tags (1)
0 Kudos