Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jesus_Cano
Collaborator

Upgrade to R77.30

Hi,

We have a cluster A/P and MGMT in R77.20. We need to upgrade to R77.30. for EOL reasons:

MGMT HW is:

 ESX VMware ESXi 5.5:

               Gaia  R77.20 de 64bit

                2 CPUs - 4GHz (more or less)

                Memory 6GB

                HD 300 GB

Gateways:

   DELL Power Edge R710

                               2 Disk SAS 300 GB of 15 K rpm

                               CPU 2 socks of 2 cores

                               Memory RAM 6 GB

      

So i would like to confirm if this HW is supported for R77.30. And if there is any procedure to upgrade to MGMT, and gateways to R77.30 with all the steps. This upgrade is done using a legacy tar.gz like HF? anything to keep in mind before upgrading?

thanks a lot

8 Replies
Benoit_Verove
Contributor

Hi,

For OpenServer, you have to refer to the Hardware Compatility List to check if your hardware platform is compatible with your target version : Compatible Hardware Archive | Check Point Software 

The upgrade :

For the management, if I can, i allows prefer a fresh install. The migration tools help to export and import all the rules and objects. 

For the gateway, a fresh install would be the best way because of the version gap.

However, the question is :why not considering upgrading to R80.20 since the end of support of R77.30 will occure in 2019 ?

Regards,

Benoit

Jesus_Cano
Collaborator

Hi Benoit,

we do not have much time to think about updating to R80.10. Its easier to upgrade to R77.30 and prepare R80.10 in the future with less workload. Im sure that jumping to R80.10 need more fine-tuning.

So do you have any procedure to upgrade MGMT to R77.30 from R77.20? using migration tools.

Is it possible to upgrade gateways without clean installation? any tar.gz to run and finish Smiley Happy

thanks

0 Kudos
Jesus_Cano
Collaborator

So i thought to upgrade to R77.30 using this legacy tar.gz((https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/m...

Any problem doing like that? anything to keep in mind? any step to do before upgrading?

thanks

0 Kudos
AlekseiShelepov
Advisor

Benoit Verove‌ take a closer look, it's just update from Gaia R77.20 to Gaia R77.30.

So, you want to upgrade something with Check Point software? Then the first thing to do is to go to Upgrade Wizard and put in there your current and planned hardware and software.

For your situation you will find the same package that you already mentioned - Check_Point_R77.30_T204.Gaia.tgz 

Create a snapshot and copy it somewhere safe.

Copy this upgrade file to the server to somewhere in /var/log/ directory, run tar zxvf on it and then ./UnixInstallScript

After that update CPUSE and install the latest Jumbo Hotfix Accumulator (General Availability).

I did this several times recently on Smart-1 management servers (MDS), gateway appliances and on VMs.

If you have some old hotfixes, upgrade might not start. Or Jumbo Hotfix might conflict with them. So, you just delete them. But if you have some case of a special hotfix for you unique situation, it would be better to verify with TAC that this is included in upgrade or Jumbo Hotfix, or to ask for this hotfix for the new version.

0 Kudos
Jesus_Cano
Collaborator

OK. Just several questions.:

When i upgrade the standby node to R77.30. The cluster will be up (with active member in R77.20 and standby in R77.30)? or gateways need to be in the same version to be UP? i want to know if ther ewill be any outage doing the gateways upgrade. 

Thanks Smiley Happy

0 Kudos
AlekseiShelepov
Advisor

As I remember, after upgrade of the secondary node, the status of the cluster should be:

 Checking on FW1 Checking on FW2
FW1 statusActive attention-
FW2 statusDownReady

It means that synchronisation is working.

If you don't have very strict requirements for outage time, I wouldn't bother with things below. Usually most of sessions are working fine right away or in 5 minutes. Some old and picky applications might have some difficulties.

But as SecureXL is enabled, not all sessions are synchronised. You can check that by fw tab -t connections -s. You can disable SecureXL for the time of failover to make these sessions to synchronise too, if there is not much traffic.

ClusterXL upgrade methods and paths 

0 Kudos
Jesus_Cano
Collaborator

Yes, but the standby node will be down after upgrade. So we have to run a "clusterXL_admin down" in the active node,right? we need to test secondary node in R77.30 before upgrading the another one.

0 Kudos
AlekseiShelepov
Advisor

You will need to run cpstop on the old active cluster member.

Please read the Admin Guide, especially if you have strict rules for outage: 

Gaia R77 Versions Installation and Upgrade Guide 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events