Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Matt_Sherman
Participant

R77.30 MDS HA and NGSE upgrade to R80.10

I have to upgrade to R80.10.  This includes R77.30 MDS High Availability (3050 appliances) and a dedicated SmartEvent server (NGSE VM).  I have found multiple articles and docs, and still have the following questions and concerns.  Any help is much appreciated.

R77.30 MDS HA (3050 appliances) upgrade to R80.10 and NGSE (VM) upgrade to R80.10

1. Should the NGSE be upgraded first to R80.10 and connect to the R77.30 MDS (sk110894)?  

2. Should NGSE be upgraded first to R80.10 and not connect it to the MDS, upgrade the R77.30 MDS to R80.10 the same change window, and then connect the R80.10 SE to R80.10 MDS?  I planned on using the same name and IP address.

3. Should the R77.30 MDS be upgraded to R80.10 and then upgrade the NGSE to R80.10 in the same change window?

4. Even though the SmartEVent server is a VM, it might not be possible (vm box too small) to keep both NGSE and R80.10 at the same time.  Any concerns or suggestions on how make sure no log data is lost (requirement must keep 180 days of logs).  

5. Depending on the size of the event database, it could take a very long time to export and import.  During the export process, what happens new logs?  I need to prevent the loss of any log data.  During the import process, what happens to new logs?  Do I need to change the configuration on the MDS/firewalls to only log to the MDS during the time the SE is being exporting, upgraded, and imported?  Once the SE is upgraded to R80.10 can it receive new logs while the old database is still being imported?  

6.  The R80.10 Installation and Upgrade Guide (page 131) says for Upgrading from R77.xx to R80.10, upgrade the primary serving using CPUSE, do a clean install of the secondary, initiate SIC between primary and secondary and wait for them to sync.  Since I have a MDS is this still the recommended process?  On page 88 it says it is recommended you use database export/migrate to upgrade.  


3 items regarding dedicated SmartEvent NGSE upgrade to R80.10

1. I found https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... that says how to migrate the events database from SmartEvent server R7x to SmartEvent R80 and above server.  Does this include NGSE to R80.10?  If not, is there a procedure for NGSE to R80.10?  I cannot lose any logs as it is a requirement to maintain 180 days of logs.  

2. I found https://community.checkpoint.com/thread/5549-import-smartevent-reports-from-ngse-to-r8010 that talks about importing report templates.  It was mentioned that the import process would be fixed in a R80.10 JHF.  Has that indeed happened?  Are there any steps needed to export the NGSE report templates and import into R80.10?

3. I found https://community.checkpoint.com/thread/1060 that mentions the procedure to upgrade from NGSE is being working on but hasn't been released yet.  Has it been released and where can it be found?

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend

I can only answer the last question: According to sk110894, Upgrade from SmartEvent NGSE to R80/R80.x is not supported.

For the other questions i would strongly suggest involving TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Matt_Sherman
Participant

Thanks for the quick reply.  I was hoping that since NGSE was no longer supported there would be directions on how to get onto a supported code version without losing any data.

0 Kudos
Alejandro_Mont1
Collaborator

I believe you can upgrade both primary and secondary MDS servers via CPUSE. As long as you select the in place upgrade option log files should be preserved. How far back do your log files go?

In regards to the SmartEvent server-it really depends on how far back you retain log files. If you have 180 days worth of logs still on your MDS the process would be pretty simple. Fresh install a new R80.10 Event server and connect it to the MDS. I believe the SmartEvent admin guide has a section detailing the process to read old log files, I believe you would just specify 180 days and it would begin indexing backwards. Keep in mind this can take hours/days to go all the way back and will cause the CPU to spike on the event server. As recommended above I'd engage TAC before making any moves. Also, have you run the upgrade simulation service?

Lari_Luoma
Ambassador Ambassador
Ambassador

1. Should the NGSE be upgraded first to R80.10 and connect to the R77.30 MDS (sk110894)?  

Not supported at this moment

2. Should NGSE be upgraded first to R80.10 and not connect it to the MDS, upgrade the R77.30 MDS to R80.10 the same change window, and then connect the R80.10 SE to R80.10 MDS?  I planned on using the same name and IP address.

Since NGSE to R80.10 SE upgrade is not supported, my recommendation is that you would clean install R80.10 SE.

3. Should the R77.30 MDS be upgraded to R80.10 and then upgrade the NGSE to R80.10 in the same change window?
Upgrading MDSM or SmartEvent does not have effect on your production traffic, so a maintenance window is not necessarily needed. 

4. Even though the SmartEVent server is a VM, it might not be possible (vm box too small) to keep both NGSE and R80.10 at the same time.  Any concerns or suggestions on how make sure no log data is lost (requirement must keep 180 days of logs).  
Yeah, but only one can be connected to the MDSM. You will not lose any logging data as logs are stored in the logging server. Only the event database might get lost.

5. Depending on the size of the event database, it could take a very long time to export and import.  During the export process, what happens new logs?  I need to prevent the loss of any log data.  During the import process, what happens to new logs?  Do I need to change the configuration on the MDS/firewalls to only log to the MDS during the time the SE is being exporting, upgraded, and imported?  Once the SE is upgraded to R80.10 can it receive new logs while the old database is still being imported?  

Logs will remain in the logging server. SmartEvent reads the logs from the log server and correlates them to create events. Gateways will start logging to the new log server as soon as policy is pushed to them with the new log server definition. Prior to that they will log to the old server. Logs can be exported/imported from the old log server and this doesn't have anything to do with the SmartEvent.

6.  The R80.10 Installation and Upgrade Guide (page 131) says for Upgrading from R77.xx to R80.10, upgrade the primary serving using CPUSE, do a clean install of the secondary, initiate SIC between primary and secondary and wait for them to sync.  Since I have a MDS is this still the recommended process?  On page 88 it says it is recommended you use database export/migrate to upgrade.  

I would do mds_export mds_import and clean install the primary MDS. This would be the safest method IMHO. The bottom line with this statement in the admin guide is that you don't necessarily need to export/import the secondary server. Just do a clean installation and sync it with the primary (you will have to create the secondary domain management servers though).

1. I found https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... that says how to migrate the events database from SmartEvent server R7x to SmartEvent R80 and above server.  Does this include NGSE to R80.10?  If not, is there a procedure for NGSE to R80.10?  I cannot lose any logs as it is a requirement to maintain 180 days of logs.  

To my understanding migration from NGSE to R80.10 is not supported. However, you will not lose logs even if you do a clean installation of SmartEvent. Remember that logs are stored in the log server and SmartEvent Correlation Unit only correlates the logs to create events. So, clean install and you'll be good.

I don't know answers to the two remaining questions.

In complex upgrades like this my recommendation is to utilize Check Point Professional Services.

0 Kudos
Maarten_Sjouw
Champion
Champion

Although it was promised before, you just cannot upgrade NGSE to anything GA at the moment.

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events