1. Should the NGSE be upgraded first to R80.10 and connect to the R77.30 MDS (sk110894)?
Not supported at this moment
2. Should NGSE be upgraded first to R80.10 and not connect it to the MDS, upgrade the R77.30 MDS to R80.10 the same change window, and then connect the R80.10 SE to R80.10 MDS? I planned on using the same name and IP address.
Since NGSE to R80.10 SE upgrade is not supported, my recommendation is that you would clean install R80.10 SE.
3. Should the R77.30 MDS be upgraded to R80.10 and then upgrade the NGSE to R80.10 in the same change window?
Upgrading MDSM or SmartEvent does not have effect on your production traffic, so a maintenance window is not necessarily needed.
4. Even though the SmartEVent server is a VM, it might not be possible (vm box too small) to keep both NGSE and R80.10 at the same time. Any concerns or suggestions on how make sure no log data is lost (requirement must keep 180 days of logs).
Yeah, but only one can be connected to the MDSM. You will not lose any logging data as logs are stored in the logging server. Only the event database might get lost.
5. Depending on the size of the event database, it could take a very long time to export and import. During the export process, what happens new logs? I need to prevent the loss of any log data. During the import process, what happens to new logs? Do I need to change the configuration on the MDS/firewalls to only log to the MDS during the time the SE is being exporting, upgraded, and imported? Once the SE is upgraded to R80.10 can it receive new logs while the old database is still being imported?
Logs will remain in the logging server. SmartEvent reads the logs from the log server and correlates them to create events. Gateways will start logging to the new log server as soon as policy is pushed to them with the new log server definition. Prior to that they will log to the old server. Logs can be exported/imported from the old log server and this doesn't have anything to do with the SmartEvent.
6. The R80.10 Installation and Upgrade Guide (page 131) says for Upgrading from R77.xx to R80.10, upgrade the primary serving using CPUSE, do a clean install of the secondary, initiate SIC between primary and secondary and wait for them to sync. Since I have a MDS is this still the recommended process? On page 88 it says it is recommended you use database export/migrate to upgrade.
I would do mds_export mds_import and clean install the primary MDS. This would be the safest method IMHO. The bottom line with this statement in the admin guide is that you don't necessarily need to export/import the secondary server. Just do a clean installation and sync it with the primary (you will have to create the secondary domain management servers though).
1. I found https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... that says how to migrate the events database from SmartEvent server R7x to SmartEvent R80 and above server. Does this include NGSE to R80.10? If not, is there a procedure for NGSE to R80.10? I cannot lose any logs as it is a requirement to maintain 180 days of logs.
To my understanding migration from NGSE to R80.10 is not supported. However, you will not lose logs even if you do a clean installation of SmartEvent. Remember that logs are stored in the log server and SmartEvent Correlation Unit only correlates the logs to create events. So, clean install and you'll be good.
I don't know answers to the two remaining questions.
In complex upgrades like this my recommendation is to utilize Check Point Professional Services.
