Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dalbir_singh
Contributor

upgrade process R77.30 to R80

Hi All

 

Greetings

This is regarding the upgrading 4800 Gateways from R77.30 to R80. Request you to please share the best process of upgrading. Also share the important files to take backup before going into the upgrade. Alongside how much time needed to perform the activity or how much downtime needed during the process. 

Our management device already working in R80.30. 

 

So please share your expert opinion on this.

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

Is it a single gateway or a cluster?
If it’s a cluster, the upgrade can be performed with minimal downtime depending on the exact process you follow.
If it’s a single gateway, some downtime is inevitable (can be half hour or more).

In terms of backups, the best practices in general are documented here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
However, upgrades in general will take a snapshot of the system so in case something goes wrong, you can easily revert to the previous state.

Dalbir_singh
Contributor

Hi Sir

 

Greetings

We have 6 4800 gateways, 3 gateways installed in DC & 3 Gateways installed in another location i.e. DRC. 2 MPLS Gateways works in cluster & 1 Internet gateway works standalone. Same scenario in DRC.

Which upgrade process will you suggest GUI or Cli Mode! Please help.

0 Kudos
Bob_Zimmerman
Authority
Authority

It may be worth mentioning R80 was a management-only release. The next firewall version after R77.30 was R80.10. You don't need to stop off at every intermediate version and can just go from R77.30 to R80.30, or even to R80.40 if your management has at least jumbo 166.

Dalbir_singh
Contributor

Hi Sir

Greetings

Thanks for the reply, Definitely we will go for R80.30 or R80.40. 

0 Kudos
CPRQ
Collaborator

Do backup and snapshot as suggested. Hope you have console access to device or someone physically is there. I will suggest go with fresh clean install.

- Do fw unloadlocal ( good to do this step but not required)

- Login to the firewall web interface and clean install the R80.30 major version fresh install and upgrade file from CPUSE.

- After reboot, Complete the first time configuration wizard with our standard new settings. You may have to enter the following setting or simply confirm it and say yes.

  • Name: xxxx-xxx
  • Internet WAN- yes check the interface and IP address how you are connecting to Web Gui,ssh, smart console
  • DNS: xxx.com, IP of DNS x.x.x.x
  • NTP: x.x.x.x
  • SIC: cpconfig option 5,  do fw unloadlocal  (on dash-board gateway reset sic)
  • Gateway  x.x.x.1
  • On ssh : Set expert-password enter password save config

 - Verify that the network interfaces, static routes, and default gateway settings were not removed

- On SMS - Change the version on the firewall object from R77.30 to R80.30.  

-   Install Access Control and Threat Prevention policy. Access Control policy needs to be installed first. 

-  Download / import the R80.30 version latest jumbo hotfix as a package (T237)

-  Once the jumbo hotfix finishes downloading, run the install

-  After the hotfix installs, Install the policy again

- verify remote connectivity to the firewall web interface and other connections

  BACK OUT PLAN

- Restore the firewall to the snapshot that I created before the upgrade.       

- Install the firewall policy onto the firewall.   

(1)
Dalbir_singh
Contributor

Hi Sir

Greetings

Thanks for the reply, Which one you suggest a clean installation or upgrading from Upgrades (CPUSE)” – “Status and Actions". GUI Or Cli which one you recommend.

Please suggest.

0 Kudos
Dorit_Dor
Employee
Employee

There is no good reason to go to R80.30. By now R80.40 is the most used version by far and i selecting R80.30 now, is no longer good conservative choice. 

Dalbir_singh
Contributor

Hi Sir

Greetings

Thanks for the reply, Definitely we will go for R80.40. Thanks for your suggestion.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events