Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dalbir_singh
Contributor

upgrading management appliance

Hi All

 

Greetings
We are using 6 gateways, one management & one is event management. Smart 1 5 MGMT is already out of support. Checkpoint team suggested us two smart 1 405 devices for the up gradation. 3 of our gateway are in our Data center & 3 in our DRC (Disaster recovery center). Plan is to split the gateways, 3 gateways in one appliance & 3 in another one. Few of the steps we have performed, as suggested by checkpoint support team. Below is the activity performed :

1. Generate a fresh backup (upgrade_export) from the live server, please refer SK54100 (Checkpoint support center) for the detailed procedure.
- Make a note of the MD5 value of the generated file.
- Take it out of the Management server.

2. Create a replica of your Management server.
- Host-name should be the same.
- IP address should be the same.
- CP version should be the same.
- CP OS should be the same.

3. Import the backup file which you generated in point-1 on the lab replica Management server, please refer SK54100 for the detailed procedure.

4. Login to R77.30 Gaia Smart Dashboard and cross-check the configuration.

5. Download the R80.30 migration tools from the below link :

https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/m...


- MD5 value : e3fc994d93a6f5cf9509f2c892a8ec22

6. Copy these migration tools to the R77.30 Gaia lab replication Management server under $FWDIR/bin/upgrade_tools

7. Extract the copied migration tools of R80.30
 #tar -zxvf filename

 After extracting the migration tool run below command

 ./pre_upgrade_verifier -p $FWDIR -c R77 -t R80.30
 
 -Fix the errors if any.
-Generate an upgrade export once the pre-upgrade verification is successful.

8. Generate a backup (upgrade_export), please refer SK54100 for the detailed procedure.
- Make a note of the MD5 value of the generated file.
- Take it out of the Management Server.

NOTE: Pay attention to the R80.30 Gaia prerequisites.

9. Download the R80.30 Gaia fresh installation image from the below link:
https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

- MD5 value : 0a6414bdb2c601f4c4e7891d452c18d1

10. Do a fresh installation of R80.30 Gaia Management server in your lab setup.
- Host-name should be the same.
- IP address should be the same.

11. Import the backup which you have generated in point-8, please refer SK54100 for the detailed procedure.

12. Download the R80.30 GUI console from the below link :
https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/m...

- MD5 value : 38f527041fd73a1c53947dbfef49b0c6

13. Login to Smart dashboard and cross-check the configuration.

Activity performed till date (In offline mode)
--> Successfully migrated the Management Smart-1 405 (R80.30) appliance from Smart-1 5 (R77.30) (In offline Mode).
--> All the configurations and Smart console are working fine on both devices.
--> License also activated successfully.

Questions & Queries
1. As we are now working to split the 3 DC gateways to one management device & 3 DRC gateways to another management device. Is this possible to segregate the gateways from management devices before going into the live environment.
2. Is it possible to delete the gateways policies directly from the management device & after deletion it will work fine!!
3. License is activated in both devices on default IP 192.168.1.1, Will license need to reactivate once again when we are going into the live platform after changing the IP address of second Mgmt. device.
4. We also tried to perform all these activities in R80.40, but faced some challenges in migrating configuration. Which one do you recommend: R80.30 or R80.40 !!. We rolled back to R80.30, Everything works fine.
5. Please also share the important hotfixes of R80.30, or recommended updates.


Also sharing existing & proposed setup of infrastructure in attachment

0 Kudos
4 Replies
_Val_
Admin
Admin

R81 is the recommended version now, you are at least two versions behind with R80.30

0 Kudos
Dalbir_singh
Contributor

Hello Sir

 

Greetings

We tried to migrate the file in R80.40 but getting so many errors while doing the task. So we decided to revert back & Migrate all the configuration into R80.30.

If possible can anyone tell how to delete object from management, We want to segregate the DR gateways from one management box.

0 Kudos
Dorit_Dor
Employee
Employee

1. R80.40 is the most used version and r81 already used by thousands mgmt’s and even 150 multi domains. We have solid mgmt upgrade by now and dont know of chronic issues so i am 100% sure we can help you get to R80.40 if you want to “work with us” (QA can assist).

I would personally go to R81 and even consider R81.10 on the mgmt. For Gw’s i would also go to R81 but can also see the more conservative approach to go to R80.40

R80.30 isnt bad release but it is just missing things that are already available and solid. 

2. The problem why you cant delete the object is that it tells you its being used? 
If so you can delete it it from “main places” like main rulebase and groups and then change its display name to “the dr gw that was removed from this mgmt” and delete sic /change the ip. This way when you look at your history and see a reference, you can see where it was and have reference - if not, you will need to delete it from all usages

 

 

Dorit 

0 Kudos
Dalbir_singh
Contributor

Hi Sir

 

Thanks for the update, We are still working on the case.

Will update you soon. Thanks again for valuable time & support.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events