- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Dear Community,
I am looking to upgrade my MDSM from R81.10 JHF Take 110 to the new R81.20.
When I check the CPUSE it is the latest version 2237.
When I check for updates it is no longer showing me the "Major Versions" with R81.20. I only see the following:-
Hotfixes - R81.10 JHF Take 110 installed
Minor Versions (HFAs) - R81.10 SmartConsole BBuilds 418, 414 & 410
Blink Packages - R81.10
- R81.10 MDS + JHF T110 - Available
- R81.10 SM + JHF T110 - Available
- R81.10 MDS + JHF T79 - Downloaded
Has something changed because when I check the R81.20 SK173903 page it shows "Upgrading MDSM" use the CPUSE and Major Versions route.
Any suggestions would be greatly appreciated as I do not really want offload and reload all the current Domains and logs.
Best regards
Andrew
i've did recently MDSM upgrade from r81.10 to r81.20, due to bad partitioning when MDS and MLM were build (system installed over two virtual disks on Dell R730xd) since r80.10 to r81.10 it was not problem, but there is new requirement for partitioning. If you don't see options for r81.20 upgrade, it might be due to that, when you try to import upgrade package from cloud it should appear in your list and then you can run verifier for that package to see what is reason. In my case it required to perform mds_backup, transfer it somewhere, doing clean install of r81.10 + corresponding JHF and mds_restore, then i could see without any interaction that i can upgrade to r81.20 via cpuse..
Hi Andrew
According to logs the issue is:
- Your partitions are not in Check Point standard format, and an upgrade is not possible. Reinstall your system and verify correct partitioning.
I suggest you contact TAC to get more details regarding what exactly is wrong with the way the system is partitioned.
Indeed I see it as a problem that the package is not seen - we will fix it so the message will appear only on verify stage
Sorry for the inconvenience
Ok avid readers, time for the final update.
Successfully managed to migrate the MDSM off the badly provisioned hardware (NOTE: Be very aware of the CORRECT partition requirements!).
I managed with a lot of SCP copying to get all the logs off the MDSM onto the MDLM (only to find that they had also incrorrectly provisioned the hardware - 2 discs instead of the 1 !!).
After getting a new hardware provisioned with the correct partition config I was able, again with many hours of SCP copying of log files, to migrate the MDLM to the valid hardware.
Now that both systems were on valid hardware I was eventually able to upgrade both systems to R81.20. Not easy but with many reboots and a lot of patience, eventually I got there.
Thank you everybody for your support during these difficult times.
Best regards
Andrew
As far as I know this should still be possible.
Recommend a TAC case here: https://help.checkpoint.com
I have heard that CP suggests to wait with an R81.20 upgrade at least until the next Jumbo HF 8)
Edit: Sorry, ignore me. I just noticed they're still the R81.10 packages.
Can't the Blink packages be used to do an upgrade?
Are you using a Smart-1, an open server, or a VM of some kind?
Check Point cuts off support for their own hardware really quickly and artificially prevents newer versions from being installed on it, even if the hardware is more than capable of running the software version. R81.20 won't install on any of the 2014 Smart-1 units (205, 210, 225, 3050, 3150).
This is all running on an Open Server - VMWare ESXi environment.
I have my own lab environment where I tested this and in the lab environment I still had the R81.20 after installing the JHF T110. However, in my lab environment it is complaining:-
The problem now is that the SK says contact Check Point and this is my lab environment so I am now going round in circles to find a way to get support.
Well, they definitely wont help you if its a lab. Can you not just reinstall it?
Andy
Dear Andy,
The whole point of using the LAB environment was to test the different aspects when importing the 3 different domains into the MDSM.
Now the idea was to test the upgrade on the LAB environment to see if there was anything weird and there was.
Now I have tried to restore from a backup but I get even more problems since there are different IP addresses in the LAB compared to the Production.
I have to admit to starting to think about the non-ideal solution: Install a fresh R81.20 MDS and try to restore into it the R81.10 MDS but I do not like this solution at all.
Best regards
Andy
Well, R81.20 would not restore into R81.10, as versions are different. I see @Boaz_Orshav asked you couple of weeks ago to send him the logs? Did you ever end up doing that?
Cheers,
Andy
I just sent them over.
I meant to export the R81.10 Production environment and import into the fresh install f R81.20.
But as I say this is not a preferred option since it will lose some of the logs since everything is running on a single machine at the moment.
Well, its an option, though you are right, probably not the optimal one...
Andy
I would verify with TAC, because I remember when I had mds lab in R81.10, it gave all packages to upgrade to R81.20
Andy
Yep in the LAB it appeared to be fine.
Hi
Can you please send me the tgz created by running "da_cli collect_logs" to boazo@checkpoint.com ?
When a package is not seen on the CPUSE page it is might be because it fails a validation and I'd like to take a look at the logs to understand which validation failed.
Dear,
I have sent over a link to a large transfer site where you can download the logs file.
Best regards
Andy
i've did recently MDSM upgrade from r81.10 to r81.20, due to bad partitioning when MDS and MLM were build (system installed over two virtual disks on Dell R730xd) since r80.10 to r81.10 it was not problem, but there is new requirement for partitioning. If you don't see options for r81.20 upgrade, it might be due to that, when you try to import upgrade package from cloud it should appear in your list and then you can run verifier for that package to see what is reason. In my case it required to perform mds_backup, transfer it somewhere, doing clean install of r81.10 + corresponding JHF and mds_restore, then i could see without any interaction that i can upgrade to r81.20 via cpuse..
Hi Andrew
According to logs the issue is:
- Your partitions are not in Check Point standard format, and an upgrade is not possible. Reinstall your system and verify correct partitioning.
I suggest you contact TAC to get more details regarding what exactly is wrong with the way the system is partitioned.
Indeed I see it as a problem that the package is not seen - we will fix it so the message will appear only on verify stage
Sorry for the inconvenience
Dear,
After working with a TAC engineer we were able to find the Partial domain Verification error and fix it by editing the DB.
For the partition problem you are absolutely right I will need to perform a backup and then install a fresh R81.10 with the correct partition then restore into it.
In the mean time I decided to install a dedicated MDS Log Server so I could offload the logs from the system so that we do not lose them, however, this is now posing a small problem associated with establishing the SIC and I am looking through the support sites for suggestions on how to address this. I will continue my search and if I can't find anything I will open a new post here on Check Mates so I can clearly share my solution with all.
Thanks for all of your support so far fellow Check Mates.
I will come back to you all once I have had the chance to try the upgrade in the LAB.
Best regards
Andy
Thanks for the update @Andrew-OCD
OK time for an update.
I found out that the CPCA was not running on the main MDS in the MDSM server. This was probably due to the fact that I had to stop the MDS for changing the IPs. To fix this problem I performed a full "mdsstop" and "mdsstart" then monitored to see that everything came back to normal and it did.
I managed to create the new Multi-Domain Log Server and all of it's needed Domain Log Servers.
Now for the fun part: trying to get the logs transferred from the MDSM over to the Domain Log Servers before cleaning and performing the upgrade.
Ok avid readers, time for the final update.
Successfully managed to migrate the MDSM off the badly provisioned hardware (NOTE: Be very aware of the CORRECT partition requirements!).
I managed with a lot of SCP copying to get all the logs off the MDSM onto the MDLM (only to find that they had also incrorrectly provisioned the hardware - 2 discs instead of the 1 !!).
After getting a new hardware provisioned with the correct partition config I was able, again with many hours of SCP copying of log files, to migrate the MDLM to the valid hardware.
Now that both systems were on valid hardware I was eventually able to upgrade both systems to R81.20. Not easy but with many reboots and a lot of patience, eventually I got there.
Thank you everybody for your support during these difficult times.
Best regards
Andrew
Good job! Thanks for the update.
Cheers,
Andy
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 17 | |
| 11 | |
| 7 | |
| 6 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY