This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dceko
Participant
3 weeks ago

SMS Upgrade from R81 to R82 : Migrate export Warnings, S2S VPN

Hello community,

We are trying to upgrade CheckPoint Secure Management Seerver from R81 (and R81.20)  to R82.

When we run migrate export, Upgrade report shows warning about verifying the Site to Site VPN Encrytion Domain per Community (screenshot attached). Upgrade report shows same warning with R81, and with R81.20. We have folowed solution with Jumbo Hotfix Accumulator, with no luck.

We have multiple clients with multiple Site to Site VPN tunnels, and as in sk170857 we do not prefer to change as suggested in immediate workaround (VPN Community : According to gateway).

We have tried migrate export with skip warnings in lab environment, it executes with success, and import is succesfull.

I am wondering if anyone have faced this or similar issues or how to resolve it.

Any help appreciated,

Regards,

 

 

 

Preview file
16 KB
0 Kudos
9 Replies
_Val_
Admin
Admin
3 weeks ago

The warning does not indicate that you would face any immediate issues after the upgrade. First, you need to check if you are even using EDCP in the first place. If yes, proceed with extra care.

But if you are already running one of the mentioned versions:

you should not expect any issue at all.

_Val_
Admin
Admin
3 weeks ago
In response to _Val_

To be on the safe side,

  1. Keep your MGMT backup or snapshot for rollback
  2. upgrade yout MGMT
  3. set a service window
  4. select the least important VPN tunnel and push policy on the relevant GWs
  5. observe the results and make corrective actions if required
  6. proceed with the rest of the tunnels one by one
dceko
Participant
3 weeks ago
In response to _Val_

Actually, what we did is we used Jumbo Hotfix Accumulator for R81 Take 107. We will try to use Take 99, and check upgrade report again. For R81.20 we have to check which Take was used.

0 Kudos
Alex-
Leader Leader
Leader
3 weeks ago
In response to dceko

We did upgrade an R81.20 SMS to R82 today with advanced upgrade (migrate_server) and don't see adverse impacts on VPN, they all use custom encryption domains.

Probably a general warning in the verifier.

dceko
Participant
3 weeks ago
In response to Alex-

Hi Alex, 

Just for info, when you did upgrade from R81.20 SMS, did you have to run migrate export with --ignore_warnings flag, or it completed succesfully without it?

Regards

0 Kudos
Alex-
Leader Leader
Leader
3 weeks ago
In response to dceko

Yes, using the flag was necessary.

_Val_
Admin
Admin
3 weeks ago
In response to dceko

In this case, it is already included in the higher Take version

Alex-
Leader Leader
Leader
3 weeks ago

Note the SK states that the fix is actually if you're not in the versions where the behaviour is addressed.

 

0 Kudos
CaseyB
Advisor
3 weeks ago

We had the same warning, I believe it is meant to be more of a "BTW" notice. Every single one of my IPsec VPNs use granular encryption domains and we had zero issues with IPsec VPNs after the upgrade.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events