This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dennis_Claflin
Participant
‎2018-01-23 02:39 PM

Upgrade Question

I recently performed an upgrade from 75.47 to 77.30 on a 2200.  Upon the reboot it booted into what appeared to be it's factory default state.  Upon setting the expert password and logging into expert I found the packages I copied to the device still there. I thought that perhaps I fat fingered something so I tried it again with the same results.  I've done over 100 upgrades but never ran into this before. Any thoughts on why this is happening?  Thanks in advance.  Dennis

0 Kudos
5 Replies
AlekseiShelepov
Advisor
‎2018-01-24 12:32 AM

What operating systems were before and after migration? Did you upgrade it from Splat to Gaia? Did you use upgrade through CLI, WebUI or SmartUpgrade? What package was used?

Your main concern is that upgrade package files are still on the firewall after an upgrade, if I understood correctly. If you transferred the upgrade package, unpacked it (tar zxvf), started UnixInstall script, then the upgrade files should not be deleted automatically, admin does that manually.

Personally I would use a clean install of R77.30 Gaia (if migrated from Splat) instead of migration to avoid issues with settings. Some settings in Gaia are done in a totally different way Issues encountered when upgrading from SecurePlatform to Gaia.

In that case these steps for config are required (Migration from SecurePlatform OS to Gaia OS😞

  1. Export the SecurePlatform configuration files.
  2. Transfer the SecurePlatform configuration files to the Gaia machine.
  3. Convert SecurePlatform configuration files into Gaia Clish script file.
  4. Load the Gaia Clish script into Gaia.
Dennis_Claflin
Participant
‎2018-01-24 06:06 AM
In response to AlekseiShelepov

Thank you Aleksei.  Here are answers to your questions:

- The upgrade was from 75.47.

- We are already running on Gaia. 

- In this case I ran the upgraded from the CLI.

- The package used was "Check_Point_R77.30_T204_Install_and_Upgrade.tgz"

My main concern wasn't that the files were still there, I was just surprised that they were.  My main concern was that I lost the configuration and had I not had remote access through the console port I would have been dead in the water.  

All our firewalls are offsite and are HA clusters.  We are in an OT environment and thus do a zero downtime upgrade. 

The process I use is to copy the package to the field firewall and the run the command "installer import local [package location/name]"  At this point we can either run it from the GUI or the CLI by using "installer install #" 

I've done this many times without incident.  In this case it almost seems as if it boot into a different mode.

Thanks again for your help.

Dennis

0 Kudos
AlekseiShelepov
Advisor
‎2018-01-25 01:10 AM
In response to Dennis_Claflin

Ah, from Gaia R75.47 to Gaia R77.30. Then settings should have been saved, that's not a good thing.

And you did the exact same upgrade (OS versions and hardware) with the exact same method many times previously? I am asking because I am not sure that this method and package is the right one. I didn't do such upgrades for 2200  with similar versions myself, so everything is just as far as I know.

When I go to Upgrade Wizard and fill in your information, I can see that there are two options:

So, one of them is for Legacy CLI upgrade with ISO file, and the second one is for WebUI or SmartUpdate upgrade with tgz package. But you say that you've used "Check_Point_R77.30_T204_Install_and_Upgrade.tgz" which is not in one of these options, there is an ISO file with that name.

All installer ... commands should be connected to CPUSE path, but then the second option shows that the package name should be "Check_Point_R77.30_T204_upg_WEBUI_and_SmartUpdate.Gaia.tgz" and the SK specifically says "Installation of this package using CPUSE is not supported". Also, before some upgrades it is required to update the CPUSE Agent to the latest build.

I see some contradictions here, which could lead to the problems that you had with config loss. As I said, I am not sure about exactly these software and hardware versions, but this is all just from the information from Support Center.

I remember that once I installed a wrong package on an appliance and it worked and everything seemed fine. But all hardware sensors didn't work, they were all just with red status, and SmartView monitor was showing problems because of that too.

0 Kudos
Dennis_Claflin
Participant
‎2018-01-25 08:43 AM
In response to AlekseiShelepov

Aleksei, 

I have used the same package for 250 firewalls I have now upgraded.   The only difference with this upgrade was I ran it from the CLI vice the GUI.  That being said I reverted the firewall in question back to 75.47 and re-ran the upgrade from the GUI and it worked as expected.  

Thank you for your feedback. 

Dennis

Norbert_Bohusch
Advisor
‎2018-01-25 03:17 PM
In response to Dennis_Claflin

If you really ran „installer install #“, you did it wrong, because this causes fresh install of new version.

For major version upgrades you have to use „installer upgrade #“!

On HFs it is only install. But you didn’t read the warning which told you all settings will be gone! 😉



Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events