This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Fabz
Contributor
‎2024-02-26 05:46 AM

Upgrade Management Appliance - Downtime required?

Hi Checkmates,

We are planning to upgrade Smart-1 600M from R81 to the latest version since this version will be out of support Oct 24.

On this appliance, we enable almost everything such as SmartEvent, Compliance, and also EPM for 200 users..

Any suggestion before we upgrade to the latest version? we already backup the configuration and waiting approval from C level.

 

however, a few unanswered issues that I should clarify:

  1. Does the FW and EP specifically encounter an issue during the upgrade process?
  2. If failed, would the appliance simply revert to the previous OS or would it become corrupt and require a reinstallation?
  3. How long is the estimated downtime, if any?

Thank you!

0 Kudos
6 Replies
the_rock
Legend
Legend
‎2024-02-26 06:17 AM

I had done this probably 100 times and never had a single issue. In some RARE cases, which I had never encountered in all my years doing this is that say if there isn a problem with mgmt and CRL does not work within 24 hours, thats only issue I ever heard of, but personally, I never had that problem and its probably less than 1% chance that would happen.

One thing I would be aware of is that if you have mgmt with lots of space, it could take 2-3 hours to do FULL upgrade, as once it reboots, it would tell you its re "importing" the database over, but thats totally normal.

Other than that, I cant think of anything else that would be an issue.

Best,

Andy

0 Kudos
G_W_Albrecht
Legend
Legend
‎2024-02-26 07:49 AM

If you do a In-Place upgrade, you will need much free partition space as a new partition with the new version is created, database is exported from the old and imported to the new version. If that fails, old version partition will boot again.

Usually you will use migrate_server export to export the database and migrate_server import to import it to the fresh new SMS.  Two points are important here:

- do you need the logs ? You have to export them without index using the -l option with migrate_server

- do you need the EP msi packages ? You have to use --include-uepm-msi-files with migrate_server

Details can be found here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

I would do the migrate_server as a backup even when using In-Place upgrade...

 

CCSE CCTE CCSM SMB Specialist
the_rock
Legend
Legend
‎2024-02-26 10:24 AM
In response to G_W_Albrecht

True, good points you made.

Andy

0 Kudos
genisis__
Leader Leader
Leader
‎2024-02-26 10:53 AM
In response to the_rock

Also, correct me if I'm wrong if an in-place upgrade is done then the manager cannot take advantage of the XFS filesystem, which is a good reason to clean build and import.

0 Kudos
the_rock
Legend
Legend
‎2024-02-26 10:58 AM
In response to genisis__

Was not aware of that, but doing a clean build and import is never a bad idea.

Best,

Andy

0 Kudos
G_W_Albrecht
Legend
Legend
‎2024-02-26 11:53 PM
In response to genisis__

Depends, see https://support.checkpoint.com/results/sk/sk141432 - a new file system (XFS) was introduced in Gaia OS with kernel 3.10 (R80.30 and higher versions). So check which FS is in use, see the SK.

 

CCSE CCTE CCSM SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events