This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
H1pp0o
Contributor
‎2024-05-15 02:05 AM

Upgrade from R77x to R80x

Dear Community,

 

I would like to ask you or maybe confirm if the approach of migration will work.

 

We have an old environment running R77.30 ( Mgmt and GW ). Unfortunately we cannot proceed with migrate export process on the SMS. We rebuild the whole policy and objects ( dumping object and rules file with odumper into csv ) on R8.40 SMS. Next step is to swap from old to new SMS. Plan is to disconnect old SMS and re-establish SIC connection with new SMS.

 

Question. If this will work or can we expect some complications ? If so, what kind ?

0 Kudos
9 Replies
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 06:07 AM

That sounds right, just make sure routing is there, as obviously its needed for SIC to work with the gateway(s), unless its just one standalone machine.

Andy

Best,
Andy
H1pp0o
Contributor
‎2024-05-15 06:31 AM
In response to the_rock

yes, routing and connectivity both ways is open on all CPX required ports.

 

thanks 🙂

the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 06:33 AM
In response to H1pp0o

Then you should be okay.

Andy

Best,
Andy
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-05-15 06:40 AM

Why are you not able to migrate export? Also what about directly upgrading the machine to R80.40 (and then even to a higher version like R81.20)?

 

If you do decide to use the newly built R80.40 Security Management Server consider doing it in stages. Establish SIC with just one Security Gateway and install policy. 

If it works properly (including logs and statuses) and you do not encounter and issue over a predetermined time frame, continue with the next Security Gateway and install policy - first on the newer one and then on both.

Continue until you have moved all the Security Gateways.

H1pp0o
Contributor
‎2024-05-15 07:23 AM
In response to Tal_Paz-Fridman

Migrate export crashed already one node from the SMS HA. So no further risk to make it once again on that remaining member. 

After we move the gateways under new SMS next upgrades to R81.x will be continued.

 

 

Thank you for your help !!

the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 07:27 AM
In response to H1pp0o

Thats my thinking as well.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 09:10 AM
In response to H1pp0o

Personally, I would still try open TAC case if needed, because you are upgrading to supported version, so if you do get stuck, they should be able to help you out. I get its upgrading from unsupported version, but dont believe that should be a stopper.

Andy

Best,
Andy
0 Kudos
H1pp0o
Contributor
‎2024-05-15 10:55 AM
In response to the_rock

Sorry to say that - but even with a valid maintenance contract TAC did not helped in this case at all. 😞

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 11:01 AM
In response to H1pp0o

Thats disappointing...maybe bring it up with your Sales person, see if they can push it further. I know any fw vendor will always help if you are going from unsupported to supported firmware/version.

Best,

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events