This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2019-02-12 08:03 AM

Management HA upgrade, intermediate policy installation?

When upgrading Management HA from R77.30 to R80.20, after SIC reset of the Secondary Management Server we are prompted to install the policy before proceeding.

Yet in the Upgrade Guide, the steps in section 5 do not address this issue:

Make sure SIC communication works correctly with the Secondary Security Management Server:

  1. Open the Secondary Security Management Server object.
  2. On the General Propertiespage, click Communication.
  3. Click Reset.
  4. Enter the same Activation Key you created during the installation of the Secondary Security Management Server.
  5. Click Initialize.
  6. Click Close.

Click OK.

Can someone clarify if we do need to install the policy or databases after resetting SIC of the Secondary Management Server, or is it safe to Initialize it and then install the database and policy?

Thank you,

Vladimir

5 Replies
Alisson_Lima
Contributor
‎2019-02-12 02:00 PM

Hi Vladimir,

The procedure to upgrade a management server is simple. You start with upgrade on your primary management server using CPUSE or advanced method according target version. When you upgraded the primary management server, open SmartConsole and push a install database only primary management server and you must to install policy on gateways to validate and reestablish connectivity between gateways and primary management server on TCP/257 port (Log).

Once a completed the steps above, you must perform a fresh install of secondary management server using .iso image or CPUSE package and when completed the "First Wizard", reestablish SIC with primary management server. Then, perform a install database on both management servers.

When you started the installation of database on both machines, a full sync process will be initiate to "copy" objects from primary management server to secondary management server.

Ah, don't forget validate logs! (:

I hope I helped you.

Alisson Lima

0 Kudos
Vladimir
Champion
Champion
‎2019-02-12 02:42 PM
In response to Alisson_Lima

Alisson,

Please re-read my question again Smiley Happy

The overall process works as you have described, but at the point when you click "Reset" on the SIC properties of your Secondary Management Server, the pop-up window states that you MUST install policy at this point, PRIOR to re-initialization of SIC with same server.

This step is not reflected in the Upgrade Guide and this exact issue I am trying to get a clarification for.

Do we have to close the properties of the Secondary Management server and install the policy as the pop-up requests we do, or do we initialize SIC and THEN install policy?

Thank you,

Vladimir

0 Kudos
Alisson_Lima
Contributor
‎2019-02-12 04:11 PM
In response to Vladimir

Vladimir,

Did you install policy through primary management server before perform reset SIC on secondary management server? If no, please try to install the policy and let me know if you can estabilish SIC with secondary management normally.

Thank you.

Alisson Lima

0 Kudos
Vladimir
Champion
Champion
‎2019-02-12 09:38 PM
In response to Alisson_Lima

Alisson,

I have completed the upgrade before posting this question.

I have chosen to install database after seeing the popup requesting policy install after SIC reset action.

The problem is that this step is not documented and all I am trying to do is to get some clarity on:

1. Is it required to install policy after "reset" and before "initialize"?

2. Is it safe to complete the initialization and then install the policy?

0 Kudos
Dawei_Ye
Collaborator
‎2019-02-13 01:25 AM

Good question.

But as my experience upgrading R77.20 to R80.10,I didn't see the pop-up states.

Reset SIC and wait for the full sync ,that's all.

Are there any changes in R80.20?

0 Kudos