Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sanjay_S
Advisor

Upgrade to R81

Hi All,

I am planning to upgrade to R81 the Standalone MDS installed on VM running R80.30Gaia. Please let me know what all do i need to consider before the upgrade. Also we are managing R80.30 Firewalls from this currently. I can see direct upgrade from R80.30 to R81 is possible. So the upgrade is as normal from CPUSE itself? Do you recommend me to upgrade to R81 or R81.10?

Regards,

Sanjay S

0 Kudos
9 Replies
the_rock
Legend
Legend

I would say to R81 first and yes, its always recommend using CPUSE. Obviously, do backups and snapshots if possible prior to doing this. 

0 Kudos
CPRQ
Collaborator

The following R81 upgrade doc can help.

 

R81 Upgrade and Installation Guide - After selecting the type of upgrade you are performing, you will be directed to a step-by-step guide.

R81 Supported Backwards Compatibility - The supported backwards availability chart will note you are able to manage R77.30+ with R81, otherwise you will need to upgrade to a minimum version of R77.30 for the gateway.

R81 Jumbo HotFix Accumulator - Will provide access to the latest JHF for your R81 SMS.

Tsahi_Etziony
Employee
Employee

When you use CPUSE for version upgrade (as opposed to Jumbo installations), a snapshot is created automatically - the new version is deployed in a new partition, and the old root partition becomes a snapshot for a quick revert if needed. 

RamGuy239
Advisor
Advisor

You should be able to do in-place upgrades from R80.30 to R81 on a multi-domain management server. The same goes for the gateways themselves. You can use the standard cpuse package or blink packages for the upgrade.

Do you know if your MDS server already has the new XFS filesystem in place? For management installations, this was introduced along with 3.10 kernel with R80.20 but it requires a clean installation / advanced upgrade. If you came from pre-R80.20 and did an in-place upgrade to R80.30 you won't have the XFS filesystem and especially on a multi-domain management server, it's recommended to get the new filesystem which means that if you don't have it currently you should consider an advanced upgrade as opposed to an in-place upgrade.

You can verify this via console/SSH in expert mode with one of these commands:

df -hT
cat /etc/fstab

It should show if you have ext3 or xfs filesystem.


The same goes for the firewalls. 3.10 kernel for gateways was introduced with R80.40, along with XFS filesystem. In order for you to have it on the gateways you will need to make a backup of their gaia configuration, do a full clean installation via USB/ISO and import the gaia config. But the XFS filesystem isn't that important on the gateways.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
RamGuy239
Advisor
Advisor

When it comes to R81 vs R81.10 it's hard to tell. R81.10 just got release so my experience is very limited. But the load on a management server is much better with R81.10 compared to R80-R81 from my experience. Especially if you don't have a dedicated MLM for logging / Smart Event the load on the management when also handling logging is the one thing I've noticed thus far with R81.10 that has greatly improved compared to older versions.

With that said. I've been installing R81 in a lot of places in the past 6 months. There are quite some issues with accelerated policy installations on R81 from my experience. Even with R81 Take 34. I often have to manually choose to install without acceleration to avoid policy installation errors in various environments. So far I have yet to have any of these issues on R81.10. But then again, I have way more customers and environments running R81 compared to R81.10 so my experience is still quite limited.

But the load on management servers has been an issue for a lot of our customers with R80.20-R81. Most of our customers are running mgmt + logging, and some even mgmt + logging + smartevent on a single installation. And many of those had to split logging/smartevent to their own installation as the load on the management was simply too much when running R80.20-R81 with log indexing and whatnot. So far this seems to be much, much better on R81.10. I'm really impressed with how much better the load on management installations seems to be with R81.10 compared to R80.20-R81 installations.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
the_rock
Legend
Legend

Great points. I can only speak for myself...so far, R81 seems great on the management, but cant speak for gateways, since have not seen any in action on that code, so hard to say. But, I believe like with any release, it gets better as time goes on.

0 Kudos
Sanjay_S
Advisor

Hi Ram,

We have both in the filesystem as shown below. So our filesystem is compatible to do inplace upgrade and are we good to go ahead with the upgrade planning? 

Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current xfs 225G 71G 155G 32% /
/dev/sda1 ext3 291M 26M 250M 10% /boot
tmpfs tmpfs 32G 4.0K 32G 1% /dev/shm
/dev/mapper/vg_splat-lv_log xfs 1.6T 1.3T 299G 81% /var/log

We have few blades enabled such as URL&Application, Mobile Access, Threat Prevention etc. So is there anything that we need to keep in my mind or any changes to any of these configuration before we do in place upgrade? In the upgrade guide i did not see anything specific to any blades, just needed the confirmation.

0 Kudos
RamGuy239
Advisor
Advisor

Hi, @Sanjay_S 

You are good to go for a simple in-place upgrade as you've got the XFS filesystem already. Even though CPUSE will create a Check Point snapshot I would still recommend you to take a snapshot of your virtual machine before you start and do also take a regular backup and store it somewhere safe just in case.

I'm not aware of any changes between R80.30 and R81/R81.10 on App & URL filtering, Mobile Access or Threat Prevention that you need to take into consideration. You will be able to utilise the new Infinity / Autonomous Threat Prevention on R81/R81.10 but that will require the gateways to be upgraded as well.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
Sanjay_S
Advisor

Thanks Ram for the suggestion. I am planning to upgrade by End of August. I will go ahead with the In place upgrade. Will keep this page updated.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events