This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sanjay_S
Advisor
‎2020-05-12 03:07 AM

R80.10 to R80.30 Migration

Hi All,

We are planning to migrate our MDS to R80.30 on to a VM from a physical box. Currently we are running on R80.10.

We have already build the new MDS, below are the details.

Product Name: SVN Foundation
SVN Foundation Version String: R80.30
SVN Foundation Build Number: 993000019
SVN Foundation Status: OK
OS Name: Gaia
OS Major Version: 3
OS Minor Version: 10
OS Build Number: -
OS SP Major: -
OS SP Minor: -
OS Version Level:
Appliance SN:
Appliance Name: VMware Virtual Platform
Appliance Manufacturer: VMWare

 

This is Check Point CPinfo Build 914000196 for GAIA
Local host is not a Gateway
[IDA]
No hotfixes..

[CPFC]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

[MGMT]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

[FW1]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

FW1 build number:
This is Check Point Security Management Server R80.30 - Build 021
This is Check Point's software version R80.30 - Build 002

[SecurePlatform]
HOTFIX_GOGO_LT_HEAT_JHF Take: 191

[NGXCMP]
No hotfixes..

[EdgeCmp]
No hotfixes..

[SFWCMP]
No hotfixes..

[SFWR75CMP]
No hotfixes..

[SFWR77CMP]
No hotfixes..

[FLICMP]
No hotfixes..

[R75CMP]
No hotfixes..

[R7520CMP]
No hotfixes..

[R7540CMP]
No hotfixes..

[R76CMP]
HOTFIX_R80_30_JHF_COMP Take: 191

[R77CMP]
HOTFIX_R80_30_JHF_COMP Take: 191

[PROVIDER-1]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

[Reporting Module]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

[SmartLog]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

[CPinfo]
No hotfixes..

[VSEC]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 191

[DIAG]
No hotfixes..

[MGMTAPI]
No hotfixes..

[CPUpdates]
BUNDLE_INFRA_AUTOUPDATE Take: 26
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 13
BUNDLE_R80_30_JUMBO_HF_MAIN_gogoKernel Take: 191

[SFWR80CMP]
No hotfixes..

[CPDepInst]
No hotfixes..

[AutoUpdater]
No hotfixes..

We are not finding any documents which suggests to migrate one CMA at a time, we tried to run the pre upgrade verifier as same as the migration we did for R77 to R80 using below format which did not work.

./pre_upgrade_verifier -p /opt/CPmds-R80/customers/Customer123_Management_Server/CPsuite-R80/fw1/ -c R80.10 -t R80.30

Could you please suggest us how to proceed further on this? We have more than 20 CMAs configured and all have different setup. Few enabled with URL filtering, few with IPS and few with Mobile Access blade etc. So what would be the best way to migrate? Also any document to migrate one CMA at a atime?

18 Replies
Chris_Atkinson
Employee Employee
Employee
‎2020-05-12 03:41 AM

Hi,

The first point of reference for these enhancements as introduced in R80.40 is sk156072.

CCSM R77/R80/ELITE
Sanjay_S
Advisor
‎2020-05-12 06:02 AM
In response to Chris_Atkinson

Thank you Chris,

Can we use this for R80.30 as well? Because you say introduced in R80.40.
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-05-12 06:10 AM
In response to Sanjay_S

Yes post release it was also introduced via Jumbo Hotfixes for select earlier versions e.g. R80.30 JHF Take 135 (and above).

CCSM R77/R80/ELITE
Sanjay_S
Advisor
‎2020-05-12 11:02 AM
In response to Chris_Atkinson

Great. Thank you Chris.
Our New MDS has already installed with JHF 191. So we are eligible for Domain migration from R80.10 to R80.30. I will start working on it and then keep this source updated.
0 Kudos
Sanjay_S
Advisor
‎2020-05-12 11:15 AM
In response to Sanjay_S

Chris also just want to know there is no pre-upgrade verifier as such in this method right? Because no where in the SK suggests verifier.
0 Kudos
Sanjay_S
Advisor
‎2020-05-18 03:25 AM
In response to Sanjay_S

Hi All,
I tried using sk156072 but it is prompting the below error when i run the Migrate-import command on MDS.
Ran the command in Expert mode of MDS.
#mgmt_cli migrate-export-domain domain ABCDEF_Management_Server file-path /var/log/tmp/ include-logs false
Username: xxxx
Password:
code: "generic_err_command_not_found"
message: "Requested API command: [migrate-export-domain] not found"

Executed command failed. Changes are discarded.

Please suggest me how to proceed with this.
_Val_
Admin
Admin
‎2020-05-18 03:37 AM
In response to Sanjay_S

Domain migration requires higher API version than R80.10. R80.30 and up.

Sanjay_S
Advisor
‎2020-05-19 12:01 AM
In response to _Val_

Getting an error as below while trying to export from API.

Error: The parameters of mgmt_cli command should be provided in pairs (key and value).
You have provided an odd number of parameters which suggests that you are probably missing a parameter.
Sanjay_S
Advisor
‎2020-05-20 10:52 PM
In response to Sanjay_S

I ran the PUV in the current R80.10 MDS to migrate it to new R80.30. However i dont see any useful report from PUV.

In Multi-Domain Server R80 or R80.10 with enabled vSEC Controller:

Connect with SmartConsole to the Global Domain.
Delete all global Data Centers objects.
Assign the modified Global Policies.

The messages generated by the verification tools will be available in:
/opt/CPInstLog/verification_tools_report


Performing verifications on currently installed version
======================================================================
>>> Executing Pre Upgrade Verifications
psql.bin: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
psql.bin: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
psql.bin: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?







Multi-Domain Server PRE-UPGRADE VERIFICATION ENDED SUCCESSFULLY.

The messages generated by the verification tools are saved in the following formats:
/opt/CPInstLog/verification_tools_report (text file)
/opt/CPInstLog/verification_tools_report.html
/opt/CPInstLog/verification_tools_report.xls

#cat /opt/CPInstLog/verification_tools_report
Multi-Domain Server Pre Upgrade Log File
======================================================================
>>> Executing Pre Upgrade Verifications


Could you please help me out on this.
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-05-21 01:53 AM
In response to Sanjay_S

Note - This tool is required only when you upgrade from R77.30 (or lower) version to R80.30.

Please refer: Check Point - Installation and Upgrade Guide R80.30

CCSM R77/R80/ELITE
0 Kudos
Sanjay_S
Advisor
‎2020-05-21 06:55 AM
In response to Chris_Atkinson

So for upgrade from R80.10 to R80.30 dont we need to PUV?

Below is what i followed.


Step

Description

1

Connect to the command line on the current Multi-Domain Server.

2

Log in with the superuser credentials.

3

Log in to the Expert mode.

4

Stop all Check Point services:

[Expert@MDS:0]# mdsstop

5

Go to the main MDS context:

[Expert@MDS:0]# mdsenv

6

Mount the R80.30 ISO file:

[Expert@MDS:0]# mount -o loop /var/log/path_to_iso/<R80.30_Gaia>.iso /mnt/cdrom

7

Go to the installation folder in the ISO:

[Expert@MDS:0]# cd /mnt/cdrom/linux/p1_install/

8

Run the installation script:

[Expert@MDS:0]# ./mds_setup

This menu shows:

(1) Run Pre-upgrade verification only [recommended before upgrade]
(2) Backup current Multi-Domain Server
(3) Export current Multi-Domain Server
Or 'Q' to quit.
eitan_tanami
Participant
‎2020-05-28 01:10 PM

software 💣

0 Kudos
Sanjay_S
Advisor
‎2020-05-29 03:21 AM
In response to eitan_tanami

Can we go to boot menu in Virtual Machine while reboot? Because i am trying to get into boor menu but it directly prompts the login.

0 Kudos
Sanjay_S
Advisor
‎2020-05-29 02:01 PM
In response to Sanjay_S

# yes | nohup $MDSDIR/scripts/mds_import.sh /var/log/exported_mds.29May2020-182433.tgz &
[1] 11843
nohup: appending output to 'nohup.out'
[Expert@UK:0]# cat nohup.out
Reading configuration of imported Multi-Domain Server.
Export tool version matches import tool version. Proceeding.
not running pre_import_secondary_ip_check_verification, pre_import_primary_mds_connectivity_verification and pre_import_global_active_state_verification since existing ver is R80 and above
psql.bin: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?

Your Multi-Domain Server should NOT be running while you import.
mds_import.sh will now stop the Multi-Domain Server.
Do you want to continue [yes/no] ? About to delete old content of temporary directory /var/log/import_temp_dir .
Proceed? [yes/no] ? Reading configuration of imported Multi-Domain Server.
Export tool version matches import tool version. Proceeding.
not running pre_import_secondary_ip_check_verification, pre_import_primary_mds_connectivity_verification and pre_import_global_active_state_verification since existing ver is R80 and above
psql.bin: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?

Your Multi-Domain Server should NOT be running while you import.
mds_import.sh will now stop the Multi-Domain Server.
Do you want to continue [yes/no] ? Terminated
Terminated
Got signal TERM, exiting
Got signal TERM, exiting
Stopping CPM Server ...
Stopping CPM Server ...
Stopping Multi-Domain Server

Stopping Multi-Domain Server

Stop Search Infrastructure...
Stop Search Infrastructure...
Stopping RFL ...
Stopping RFL ...
Stopping Solr ...
Stopping Solr ...
Stop SmartView ...
Stop SmartView ...
Stopping SmartView ...
Stopping SmartView ...
Stop Log Indexer...
Stop Log Indexer...
Stop SmartLog Server...
Stop SmartLog Server...
evstop: Stopping product - SmartEvent Server
evstop: Stopping product - SmartEvent Correlation Unit
evstop: Stopping product - SmartEvent Server
evstop: Stopping product - SmartEvent Correlation Unit
Check Point SmartEvent Correlation Unit is not running
Check Point SmartEvent Correlation Unit is not running
Reading configuration of imported Multi-Domain Server.
Export tool version matches import tool version. Proceeding.
not running pre_import_secondary_ip_check_verification, pre_import_primary_mds_connectivity_verification and pre_import_global_active_state_verification since existing ver is R80 and above
psql.bin: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?

Your Multi-Domain Server should NOT be running while you import.
mds_import.sh will now stop the Multi-Domain Server.


I am not able to import it during the upgrade process from R80.10 and R80.30 please help i am in middle of the upgrade.

0 Kudos
_Val_
Admin
Admin
‎2020-05-30 07:06 AM
In response to Sanjay_S

check all MDSM processes are down. It seems at least one of domains is still running

0 Kudos
Sanjay_S
Advisor
‎2020-06-04 04:57 AM
In response to _Val_

Hi Val,
We have rebuilt the VM from scratch which helped us in fixing the issues yesterday. But after migrating to VM we see it is pretty slow than usual. Memory used is around 50%, CPU is around 30% File system it is completely free. But still slow. Not sure what could be the issue. Is there any know issue reported with VM?
0 Kudos
_Val_
Admin
Admin
‎2020-06-04 10:17 PM
In response to Sanjay_S

Please look into sk104848 for guidance

0 Kudos
Sanjay_S
Advisor
‎2020-06-05 12:31 AM
In response to _Val_

Thanks Val, the only mistake which i can think of is Thick provisioning instead we did Thin provisioning.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top