Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kaspars_Zibarts
Authority
Authority

Multi Domain Management experience with R80.40

Jump to solution

Hi, just wondering if anyone has upgraded MDS to R80.40 and what's the experience so far with it? Any major issues that one should be aware of?

1 Solution

Accepted Solutions
Martin_Valenta
Advisor

r20-1, try to publish some changes on CMA and restart cma device on Tufin or use command "cp.client <ID> -full" this will attempt to retrieve full revision

View solution in original post

9 Replies
mk1
Collaborator

Hello Kaspars,

We upgraded from R80.20 and up to this moment everything seems to be fine.

Martin_Valenta
Advisor

running on mds r80.40 with 12 domains, 350+ gateways (vsx,clusterlx,standalone,smb devices) for last 3 months. There were no big issues after upgrade to r80.40, only with integration with Tufin, we've run in issues with paralel API calls, which was fixed by CP as part of HFA sk167509

 

Kaspars_Zibarts
Authority
Authority

@Martin_Valenta do you happen to know which version of Tufin you are running as my Tufin no longer can log into MDS/CMAs 😞

2020-09-03 08:04:20,694  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp21711298-45] - Inbound Message
----------------------------
ID: 52
Address: http://127.0.0.1:50276/web_api/v1.1/login
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[*/*], accept-encoding=[gzip,deflate], connection=[keep-alive], Content-Length=[130], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[Apache-HttpClient/4.4.1 (Java/1.8.0_222-ojdkbuild)], X-Forwarded-For=[x.x.x.x], X-Forwarded-Host=[x.x.x.x:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[x.x.x.x]}
--------------------------------------
2020-09-03 08:04:20,696  INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:2 [qtp21711298-45] - Cache created and initialized
2020-09-03 08:04:20,697  INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:200 [qtp21711298-45] - Executing [login] of version 1.1
2020-09-03 08:04:21,258 ERROR com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException.log:42 [qtp21711298-45] - Error code: [GENERIC_ERR_OBJECT_NOT_FOUND]
2020-09-03 08:04:21,258 ERROR com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException.log:43 [qtp21711298-45] - Error message: [No published session was found in the system]
2020-09-03 08:04:21,259 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:15 [qtp21711298-45] -
com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException
        at com.checkpoint.management.web_api_is.utils.RemoteSessionUtils.getLastPublishedWorkSession(RemoteSessionUtils.java:79)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.v1_1.WebApiLoginRequestHandler.buildLoginReply(WebApiLoginRequestHandler.java:21)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.v1_1.WebApiLoginRequestHandler.buildLoginReply(WebApiLoginRequestHandler.java:16)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.WebApiLoginRequestHandler.login(WebApiLoginRequestHandler.java:17)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.v1_1.WebApiLoginRequestHandler.login(WebApiLoginRequestHandler.java:15)
2020-09-03 08:04:21,260  INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint:112 [qtp21711298-45] - In Exception:
ex.toString(): java.lang.reflect.InvocationTargetException
ex.getCause(): com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException
ex.getMessage(): null
Is ex instanceof InvocationTargetException: true
2020-09-03 08:04:21,261  INFO com.checkpoint.management.web_api_is.utils.CsvFileWriterUtils.writeCsvLine:4 [qtp21711298-45] - 2020-09-03,08:04:21 +0200,Apache-HttpClient/4.4.1 (Java/,x.x.x.x y.y.y.y:443,login,FAILED,564
2020-09-03 08:04:21,263  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp21711298-45] - Outbound Message
---------------------------
ID: 52
Response-Code: 404
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Thu, 03 Sep 2020 06:04:21 GMT]}
Payload: {
  "code" : "generic_err_object_not_found",
  "message" : "No published session was found in the system"
}
--------------------------------------

 

Martin_Valenta
Advisor

r20-1, try to publish some changes on CMA and restart cma device on Tufin or use command "cp.client <ID> -full" this will attempt to retrieve full revision

View solution in original post

Kaspars_Zibarts
Authority
Authority

Bingo! Saved my day buddy! Never had seen this one before!

0 Kudos
Kaspars_Zibarts
Authority
Authority

One additional comment from Tufin support:

Please note Checkpoint R80.40 is only supported in TOS 19-3 and 20-1 (latest HF versions are required). 

0 Kudos
Magnus-Holmberg
Advisor

Upgraded 5 MDS with MLM environments now to R80.40 and it has worked really good 🙂
We did have a few log files/indexes that we needed to clean up, other then that no issues.

https://www.youtube.com/c/MagnusHolmberg-NetSec
Eran_Habad
Employee
Employee

@Magnus-Holmberg  glad to hear, thanks for the feedback!

Also, thank you for posting the video of upgrade trail last month, we reviewed it thoroughly in R&D and we're already implementing some of your feedback 🙂

BTW, what was your previous version on production?

Magnus-Holmberg
Advisor

Thanks! 🙂

We did upgrade from R80.30 HFA215. 
As always make sure to have enough time for you upgrades, we needed about 5hours per MDS environment when we have <30 CMA within them.
We have some bigger once with <75 so it will be interesting how fast they go.
As referens we have our MDS/MLM in vmware with 12 cores and 64GB ram per box and its SSD only.

Keep in mind that MLM is not possible to upgrade before the MDS is upgraded as the "upgrade" button will not be there before.

fwmgmt07.PNG

 



fwmgmt13.PNG

 

regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos