Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jeff_Gao
Advisor

Upgrade SMS from windows R55 to R80.40

Dear

      Now,I have windows firewall+SMS R55 version,how to upgrade gaia R80.40,Any suggestions?thanks!

17 Replies
G_W_Albrecht
Legend Legend
Legend

Do you still have a valid support contract that entitles you to updates ? 😉

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Without jokes mode: Install R80.40 GAiA GW + SMS in one VM each and configure following the screenshots of your current configuration.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Jeff_Gao
Advisor

R55 is old environment, R80.40 is new purchase,i need to migrate R55 policy to R80.40 SMS,if can not migrate with tools,i will do it manual(It takes a long time).

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The only thing you need to migrate from R55 are your rules and objects - and you better construct a new rulebase to help R80.40 destination first rulebase evaluation.

R55 is from around 2006, i would assume ?

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority
Authority

R55 would be circa 2004. R60 was already GA with a few HFAs when I started at the TAC in 2006.

Thinking about this, I bet you can get away with R55 to R77.30 directly with the R77.30 upgrade tools. New fields were added, but I don't think anything in the old object and rule format was removed between those versions. Not sure where you would find a copy of the upgrade tools for Windows, though.

How many firewalls are in the environment? Is this a standalone?

0 Kudos
_Val_
Admin
Admin

We are talking about 15 year gap between the versions. You well have to go R55-R60-R65-R70-R75.40, then use upgrade wizard to do the rest

0 Kudos
Jeff_Gao
Advisor

But I can not gain R55-R60-R65-R70 iso

0 Kudos
_Val_
Admin
Admin

Yes, only R70 and up are available for download. Try your local Check Point office, asking for help

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Just start anew. Rethinking the original design may produce simplification, and configuring all the new features will anyway take more time than the rebuild. Condition always is knowledge of R80.40...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority
Authority

One potential hazard of doing the migration this way: I'm pretty sure R60 and R65 sign their internal certificate authorities for 20 years. That puts the expiration out past the 2038 issue, so I don't think you can install them with the correct time anymore. I know for a fact you can't install R55 with the correct time, because it signed its ICA for 30 years.

0 Kudos
PhoneBoy
Admin
Admin

Assuming you had the relevant versions and could step through the upgrade process, you’d pick up a LOT of cruft along the way.
Further, you’re talking about moving from stand-alone to distributed.

You're probably better off recreating it from scratch.
That said, I’ll offer a possible approach.

1. Use odumper/ofiller to get the data off the R55 system: https://community.checkpoint.com/t5/Policy-Management/Exporting-Importing-R77-x-and-Earlier-Configur...

2. Use odumper/ofiller to get the data into a fresh installed R77.30 Management.

3. Migrate export the R77.30 Management and migrate import it to R80.40.

You will probably have several manual steps here but this should handle a good chunk of it.

HeikoAnkenbrand
Champion Champion
Champion

Hi @PhoneBoy and @Jeff_Gao,

nice solution @PhoneBoy 🙂

A couple of years ago I had updated from R55 to R80.10 for a customer. The following steps should be work:

R55 -> R60 -> R65 -> R65 HFA 70 -> R70 -> R70.50 -> R75.40 -> R77.30 -> R80.40 😀

But it is not really fun!

R55 -> R60

r60a.JPG

r60.JPG

R60->R65

 

r70a.JPG
r70.JPG

R70 -> R70.50
r70d.JPG

r70c.JPG

R70.50 - > R75.40
r70.50a.JPG

r70.50.JPG

R75.40 -> R77.30

 

r77.JPG

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
G_W_Albrecht
Legend Legend
Legend

...And change from Win to GAiA in R75.40 ? Which version was the last Win StandAlone one ? Image to find all these versions...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

The last version to support Windows was R77.30.

If you really, REALLY want to step through the upgrade process, you can find the old downloads.
Just make sure you tick the "Include unsupported products and versions" box when you search SecureKnowledge.

Screen Shot 2020-10-23 at 2.05.44 PM.png

R65 (which I searched for above and found downloads for) can upgrade R55 per the R65 Upgrade Guide.
That said, I'm not in favor of stepping through multiple upgrades like this.

0 Kudos
_Val_
Admin
Admin

@HeikoAnkenbrand R65 upgrade files are not available for download. I think this is the main challenge

0 Kudos
Ruan_Kotze
Advisor

I was faced with this scenario 18 months back.  I spent about two weeks trying a bunch of things, back and forth.  In the end I put together a team of junior staffers and manually recreated objects and policies over a 48 hour period.

Probably not what you wanted to hear, I know.  For what it's worth - the best I could come up back then was a Check Point whitepaper on going from R65 to R80.

Thanks,
Ruan

Danny
Champion Champion
Champion

I would export the R55 management's object database to XML via cpdb2web (part of WebVis for R55 NG AI - cpdb2web_B541000055_1_ngair55_win32.tgz), then set up a fresh R80.40 SMS and find a way to import the XML data via the Management API. Simple as that. Before running the tool, just copy all .dll files from your R55 SmartConsole directory in to the extracted webvis dir and overwrite the .dlls that are in there.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events