This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MVS_VF
Participant
‎2024-06-26 11:13 PM
Jump to solution

Standard Hotfix update process

Dear Friends,

I am planning to install/update all my 100+ firewalls from R81.20 Take 41 to Take 65. All the firewalls are on MDS in  Active/Standby. I wanted to go through Checkpoint laid down standard process and steps for Hotfix update on each cluster member and steps(if any) on MDS.

Thank you

MVS

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2024-06-27 03:41 AM
Jump to solution

Did you look into the revelant documentation yet? Here is the link for you: https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Installation-Uninstall.htm?tocpath=____...

 

With that many FWs, I would recommend the Central Deployment Tool

View solution in original post

4 Replies
_Val_
Admin
Admin
‎2024-06-27 03:41 AM
Jump to solution

Did you look into the revelant documentation yet? Here is the link for you: https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Installation-Uninstall.htm?tocpath=____...

 

With that many FWs, I would recommend the Central Deployment Tool

MVS_VF
Participant
‎2024-07-01 05:14 AM
In response to _Val_
Jump to solution

Dear Val, the links are indeed helpful. This is exactly what I was looking, many thanks.

I have one query related to this - which I could not see, that is do I need to install policy after each upgrade? And if yes than both cluster member or the one which is upgraded/not upgraded select for policy push? I am not sure if HotFix upgrade requires policy install step.

Earlier when I did policy install step it was when OS was upgraded R77 to 81. I have change the version name from r77 to r81 in Gateway Cluster Properties-->General Properties-->Platform--->Version and then push the policy.

I followed these steps while upgrading from R77.30 to R81 take 392:

Start with Passive Firewall(ideally)
Install latest/recommended Deployment Agent(DA) if installation is not automatically enabled on the firewalls
Upload/Copy of IOS Image on the concerned firewall
Verify IOS Image - Check_Point_R81_T392
After successful verification - Upgrade FW with IOS image
Upload Hot Fix - Check_Point_R81_JUMBO_HF_MAIN_Bundle_T77
Verify uploaded Hot Fix_Bundle_T77
After successful verification, Install Hot Fix
Change Name to R81 on MDS
Policy Push for version R81 after First Firewall IOS & HF upgrade
Revert to Clish Mode in the both Firewalls CLI

 

Repeat same steps for Active Firewalls
Policy Push for version R81 after First Firewall IOS & HF upgrade
Make sure Primary Firewall is now active

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-01 11:58 AM
In response to MVS_VF
Jump to solution

It's generally only required for version upgrades (not installing a new JHF).

_Val_
Admin
Admin
‎2024-07-02 04:56 AM
In response to MVS_VF
Jump to solution

No need to install policy after JHF update.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events