Thank you brother if i want to upgrade form clish,

I see these two options:

Num Display name Status
3 Blink_image_1.1_Check_Point_R82_T777_JHF_T44_SecurityGateway.tgz Available for Download
** Majors **
5 Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz Available for Download

What's the difference between these two packages?

If my goal is to upgrade to R82 while keeping all existing configurations intact, are they essentially the same in terms of safety and result? Which one is recommended for an in-place upgrade on a gateway/cluster?

Did you read the upgrade guide yet? Please do and come back if something is unclear after reading. 

Here is the Installation and Upgrade guide for R82, appropriate chapter: https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Installation_and_Upgrade_Guide/Con...

Hi @_Val_  thanks for your response! I'll also take a look at that documentation. However, I didn't really find the answer to my question in it. Maybe it's better if I try it out in the lab to see the difference between the two options (while keeping the same configuration).

Your original question was:
My question is: how can I upgrade these gateways/clusters to R82 while keeping all configurations exactly as they are? Which is the safest method?

The answer is: Use MVC upgrade procedure documented in the Upgrade Guide. You can use either CPUSE or CDT to update. You can also trigger the upgrade procedure from your SmartConsole (Central Deployment)

What else is missing?

Nothing thank you Val!

Hey bro,

Essentially, that would work fine, just one is base R82, no jumbo, other one is R82 jumbo 44, so you can go with one that includes jumbo.

Thank you bro, and both keep the same configuration right?

Thank you so much, brother. Your help is always really appreciated! You are very important to this community.

Hey bro,

I can confirm this in the lab tomorrow, but essentially, if memory serves me well, below would be the steps in clish. Lets just say upgrade file name is called R82_upgrade.tgz, here is what I would do:

1-copy the upgrade file to /var/log dir. I usually make new dir calling it say /upgrade, so you copy it there

2-from expert, run unset tmout

3-go to clish, type installer import local /var/log/upgrade/R82_upgrade.tgz

4-once done, run installer verify and then tab to see the correct file (may need to type full path with file name)

5-if 4 is successful, then installer upgrade (tab again or may need to enter full path for upgrade file)

6-let it run, no need to do ctrl+c, it would reboot once finish anyway and would not time out, since you ran unset tmout

7-once rebooted, check if the right policy is there, but if its initial, would still let you ssh into the device (even web UI would work, but ONLY if its on port 443, not any other)

8-change cluster object in smart console to R82, uncheck if it fails during install

9- do exact same steps for the other member, re-check if it fails when pushing policy, make sure right policy is installed on both members by running fw stat

10- enjoy new version! 🙂

Hope that helps!

Thank you buddy!

Any time!

Hi Andy:

One of my customers is also planning to upgrade from R81.10 to R82, but the firewall is based on Maestro.
Are there any tricky parts or special considerations in terms of the upgrade procedure for a Maestro architecture?

Hey @Vanness_Chen 

Im not 100% sure, as Im not overly versed in maestro, but if I had to take an educated guess, I would say it most likely would not work, since it would have to be done through clish, but maybe someone else can confirm.

Lovely Buddy!

Hope it all goes well!