This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Haidar_Al-Mouss
Participant
‎2016-08-15 05:51 AM
Jump to solution

Upgrade process from R76 to R77.30

Hello,
We are looking at upgrading our existing Checkpoint 2 x 4800 Firewalls from R76 to R77.30.
I've written steps for the process and I would appreciate it if you can advise please since I've never done an upgrade on CP begore.

Before upgrade process I will create a snapshot Image of both FWs to roll back in case things don't go according to plan.


Steps for upgrading:

1- On Standby CP 

Gaia > Software Updates > Status and Actions > Select R77.30 Fresh Installand Upgrade from R75.4x/R75.40VS/R76

2- Go through Installation process

3- Reboot

4- Continue with installation process if there is

All the above work was done on the Standby. Now, on the active CP:

1- Run cphastop to swap between Active and Standby

2- Check that Standby with R77.30 is now the Active FW

3- Follow the same process on above on the new Standby R76 FW

Many thanks,

H

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2016-08-17 01:15 PM
Jump to solution

Because you can upgrade direct from R76 to R77.30 without having to jump through an intermediate release, I think you'll find the following very helpful for upgrading a cluster:

Connectivity Upgrade Best Practices --> Check Point Software Technologies: Download Center

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

8 Replies
Eyal_Balla
Employee Alumnus
Employee Alumnus
‎2016-08-16 10:50 PM
Jump to solution

hi,

I think the best way to get a review of this is to open a SR for Check Point support. They have the experience and knowledge to help you out.

Timothy_Hall
Legend Legend
Legend
‎2016-08-17 01:15 PM
Jump to solution

Because you can upgrade direct from R76 to R77.30 without having to jump through an intermediate release, I think you'll find the following very helpful for upgrading a cluster:

Connectivity Upgrade Best Practices --> Check Point Software Technologies: Download Center

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Haidar_Al-Mouss
Participant
‎2016-08-18 04:55 AM
In response to Timothy_Hall
Jump to solution

Hi Tim,


Thank you for your reply. That link is very useful!

I'm planning to do the upgrade through Gaian > Software Updates > Status and Actions

In there I have a Major Versions tab, I have the below listed in the options:
R77.30 Fresh Install and Upgrade from R75.4X / R75.40VS /R76


Based on your experience, would doing the upgrade this way get rid of any existing configuration (Since it says Fresh Install), or will it be a straight forward upgrade where existing configuration will be preserved and not needing to export, and then re-add any Licensing, routing, policies, .. etc?

Many thanks,
H

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2016-08-18 05:48 AM
In response to Haidar_Al-Mouss
Jump to solution

Doing the upgrade that way will preserve the existing configuration (although taking a snapshot first is always a good idea just in case), the "Fresh Install and Upgrade" terminology just means that same software image can be used for both fresh installs or upgrades.

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Haidar_Al-Mouss
Participant
‎2016-08-18 06:01 AM
In response to Timothy_Hall
Jump to solution

Perfect!
Thanks and much appreciated..

Smiley Happy

0 Kudos
Haidar_Al-Mouss
Participant
‎2016-09-01 07:57 AM
In response to Timothy_Hall
Jump to solution

Hi Tim,
Just have another quick question, hope you don't mind please!

With regards to upgrading both Firewalls, I am also looking at installing a Jumbo Hot fix on both as part of the upgrade process.

Is it a better practice to upgrade one, install hotfix, and then do the same with the other one?
Or
Upgrade both to R77.30, and then install hotfix on both?

So, do I do the upgrade and install separately/individually, or upgrade both to R77.30, and then go through the hotfix upgrade again?

Many thanks,

H

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2016-09-05 06:05 AM
In response to Haidar_Al-Mouss
Jump to solution

I don't think it really matters which way you do it, when upgrading a cluster I always upgrade the code on one member, apply the jumbo hotfix and then fail over onto the upgraded member. 

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Haidar_Al-Mouss
Participant
‎2016-09-13 02:04 AM
In response to Timothy_Hall
Jump to solution

Hi Tim,
Just wanted to update you that the upgrade went very well without any issues.
Many thanks for your advise.
H

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events