Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ugur_Urel
Explorer

Full HA cluster upgrade from R77.30 to R80.30

Hello,

We have two 5200 appliances running as R77.30 Full HA Cluster. We are planning to upgrade to version R80.30. 

In the Installation and Upgrade documentation (https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gu...) Checkpoint says that, first upgrade the primary server then clean install the secondary server. This procedure is for upgrading from R77.30 specifically. If upgrading from R80 and above it seems that secondary management server can be upgraded directly.(https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gui...)

Since these appliances are Full HA cluster and have security gateway running, what will happen when we first upgrade primary server and reboot? The secondary server will go active as R77.30 and after primary server rebooted can it become active and co-exists in the cluster together with R77.30? 

Also is there any other procedure to upgrade without clean installing the secondary server?

I will be very pleased if someone can give more detailed procedure about the upgrade.

Thanks in advance.

 

 

 

0 Kudos
7 Replies
Maarten_Sjouw
Champion
Champion

before you start the upgrade of the primary, you remove the secondary management object in the SmartDashboard. Now when you reboot the primary management will come back while the R77.30 gateway is the active cluster member. When you flip the cluster to the upgraded machine you will loose active connections (most of the time) and should be done in a maintenance window.
After the clean install in the first time wizard you designate the second box as secondary management and gateway, when done reset SIC and you're up and running again.
Regards, Maarten
fullHA
Explorer

Hey Maarten,

 

I'm planning to follow your explanation; but how do I "remove the secondary management object in the SmartDashboard"?

Also I will have to add it again after upgrading both boxes, so it is recognized again by the SMS on server1, right/ how do is that done?

0 Kudos
G_W_Albrecht
Legend
Legend

The best possible suggestion for this upgrade would be the following:

- Split R77.30 Management from Cluster and establish it in a VM

- Upgrade all three units to R80.30

Out of experience, SMS on VM is preferable to any StandAlone or Full Management HA configuration.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Ugur_Urel
Explorer

I think splitting management is not an option because of licensing. I will follow Marteen's recommendation.

Thank you for the replies. Have a great day!

0 Kudos
G_W_Albrecht
Legend
Legend

If you can not afford to separate the management you have to live longer with Fool HA 😃. I can only declare my deepest sympathy.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Ugur_Urel
Explorer

Thank you for your good wishes 😀

I have read a lot of comments about running Full HA and R80.X on 5200 appliances have 8 GB Ram and now seriously considering to split management. Hope we can choose this path.

0 Kudos
Maarten_Sjouw
Champion
Champion

Be aware that when you do go this path you cannot do that from a R80.10-30 system. You need to pursue this before your migration or wait until you are on R80.40.
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events