- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Upgrade process from R76 to R77.30
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrade process from R76 to R77.30
Hello,
We are looking at upgrading our existing Checkpoint 2 x 4800 Firewalls from R76 to R77.30.
I've written steps for the process and I would appreciate it if you can advise please since I've never done an upgrade on CP begore.
Before upgrade process I will create a snapshot Image of both FWs to roll back in case things don't go according to plan.
Steps for upgrading:
1- On Standby CP
Gaia > Software Updates > Status and Actions > Select R77.30 Fresh Installand Upgrade from R75.4x/R75.40VS/R76
2- Go through Installation process
3- Reboot
4- Continue with installation process if there is
All the above work was done on the Standby. Now, on the active CP:
1- Run cphastop to swap between Active and Standby
2- Check that Standby with R77.30 is now the Active FW
3- Follow the same process on above on the new Standby R76 FW
Many thanks,
H
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because you can upgrade direct from R76 to R77.30 without having to jump through an intermediate release, I think you'll find the following very helpful for upgrading a cluster:
Connectivity Upgrade Best Practices --> Check Point Software Technologies: Download Center
--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
I think the best way to get a review of this is to open a SR for Check Point support. They have the experience and knowledge to help you out.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because you can upgrade direct from R76 to R77.30 without having to jump through an intermediate release, I think you'll find the following very helpful for upgrading a cluster:
Connectivity Upgrade Best Practices --> Check Point Software Technologies: Download Center
--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tim,
Thank you for your reply. That link is very useful!
I'm planning to do the upgrade through Gaian > Software Updates > Status and Actions
In there I have a Major Versions tab, I have the below listed in the options:
R77.30 Fresh Install and Upgrade from R75.4X / R75.40VS /R76
Based on your experience, would doing the upgrade this way get rid of any existing configuration (Since it says Fresh Install), or will it be a straight forward upgrade where existing configuration will be preserved and not needing to export, and then re-add any Licensing, routing, policies, .. etc?
Many thanks,
H
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Doing the upgrade that way will preserve the existing configuration (although taking a snapshot first is always a good idea just in case), the "Fresh Install and Upgrade" terminology just means that same software image can be used for both fresh installs or upgrades.
--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perfect!
Thanks and much appreciated..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tim,
Just have another quick question, hope you don't mind please!
With regards to upgrading both Firewalls, I am also looking at installing a Jumbo Hot fix on both as part of the upgrade process.
Is it a better practice to upgrade one, install hotfix, and then do the same with the other one?
Or
Upgrade both to R77.30, and then install hotfix on both?
So, do I do the upgrade and install separately/individually, or upgrade both to R77.30, and then go through the hotfix upgrade again?
Many thanks,
H
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think it really matters which way you do it, when upgrading a cluster I always upgrade the code on one member, apply the jumbo hotfix and then fail over onto the upgraded member.
--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tim,
Just wanted to update you that the upgrade went very well without any issues.
Many thanks for your advise.
H