Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Advisor

Upgrading Security Gateway from R77.30 to R80.20

Jump to solution

Dear Mates

I have to do an upgrade for one of our Security Gateway from an old appliance running R77 to a new one running R80.20. 

I would like to know if there is a similar procedure like when upgrading a Management Server where we can just export the database from the old machine, and import it into the new one.

How can I accomplish that with upgrading a security gateway. It is not a cluster environment.

Thanks in advance

0 Kudos
2 Solutions

Accepted Solutions
Highlighted

Hi Dialungana,

In essence the upgrade is relatively simple for swapping out the appliances. Depending on the new hardware and the difference between the interfaces etc it could be summarised as the below. 

1) apply offline base configuration on new appliance with correct interface IPs and routing along with the rest of the Gaia configuration.

2) During a maintenance window turn off old appliance and bring online the new one. (Could be done by disabling and enabling ports on your switch)

3) Update the gateway object within SmartConsole, version, reset SIC. Make sure your interface topology is correct within SmartConsole to what has been configured within Gaia.

4) Install Policy.

And you should be good to go. This assumes that you have a dedicated management server and that is running R80.20 and you wish to keep the same gateway name and IP addresses. 

Just out if interest which appliances are you migrating from and to? 

Regards

Mark

View solution in original post

Highlighted
Champion
Champion

To get the current configuration from the R77.30 gateway run the following clish command:

   show configuration

In most situations these parts of the configuration are the ones you need to check and move to the new appliance:

  1. interfaces
  2. static routes
  3. dynamic routing, if any (also check in the WebUI if there is any dynamic routing configured)
  4. SNMP
  5. DNS & NTP
  6. user accounts

Keep in mind that between R77 and R80 the hashes have changed, so do NOT copy password hashes!!

Regards, Maarten

View solution in original post

3 Replies
Highlighted

Hi Dialungana,

In essence the upgrade is relatively simple for swapping out the appliances. Depending on the new hardware and the difference between the interfaces etc it could be summarised as the below. 

1) apply offline base configuration on new appliance with correct interface IPs and routing along with the rest of the Gaia configuration.

2) During a maintenance window turn off old appliance and bring online the new one. (Could be done by disabling and enabling ports on your switch)

3) Update the gateway object within SmartConsole, version, reset SIC. Make sure your interface topology is correct within SmartConsole to what has been configured within Gaia.

4) Install Policy.

And you should be good to go. This assumes that you have a dedicated management server and that is running R80.20 and you wish to keep the same gateway name and IP addresses. 

Just out if interest which appliances are you migrating from and to? 

Regards

Mark

View solution in original post

Highlighted
Champion
Champion

To get the current configuration from the R77.30 gateway run the following clish command:

   show configuration

In most situations these parts of the configuration are the ones you need to check and move to the new appliance:

  1. interfaces
  2. static routes
  3. dynamic routing, if any (also check in the WebUI if there is any dynamic routing configured)
  4. SNMP
  5. DNS & NTP
  6. user accounts

Keep in mind that between R77 and R80 the hashes have changed, so do NOT copy password hashes!!

Regards, Maarten

View solution in original post

Highlighted
Advisor

Hi there,

Migrating from 4200 NGFW to 5200 NGTP.

0 Kudos