Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jorge_Luis_Chav
Participant

Downgrade appliance 1450

Hello, can someone help me with this requirement?

I have a 1450 appliance in the version R77.20.80, but my client requires that the downgrade be made to the version R77.20.60, however the load the image R77.20.60 and caragar the backup, for compatibility problems it is obvious that it does not work , the question is:

Is there any way to adapt the backup of version R77.20.80 to load it to verison77.20.60?

7 Replies
PhoneBoy
Admin
Admin

First, this should be in the SMB and SMP‌.

Second, can you explain why your customer requires R77.20.60 versus the latest version?

If it's due to a technical issue, then you should contact the TAC (especially if it's urgent as your message tag suggests).

Contact Support | Check Point Software 

As far as I know, the backup can only be installed on the same version it was taken from (or possibly a later release, but definitely not earlier).

The backup contains a copy of the configuration as a sqlite database, among other things.

It does appear the version the backup was taken with is coded into the database.

Using sqlite .dump, I can see the following:

CREATE TABLE system

(       

        name  text NOT NULL,

        firmwareVer  text,

        firmwarePri  text,

        firmwareSec  text,

        firmwarePriTimestamp  text,

    vendor text NOT NULL,

    sysContact text,

    sysLoc  text,

        PRIMARY KEY (name)

);

INSERT INTO "system" VALUES('Security Gateway 80','0.0.1-b0','R77_990172392_20_80',NULL,'Tue Jul  3 14:28:30 2018','Check Point',NULL,NULL);

I also see the image used in: addtional_settings_tmp/pfrm2.0/etc/prev_image_info

Presumably, you could modify the above to the appropriate value, recompress the directory, and attempt to restore against R77.20.60.

However, if there are differences in the database schema between R77.20.60 and R77.20.80, or there are other places where the version is specified that I didn't find, this won't be enough.

Jorge_Luis_Chav
Participant

Thank you,

It does not work because of the difference in the version of the backup, however I got the command "show configuration" of the R77.20.80 version, and later copy and paste the output of the commands in the version R77.20.60 and if the changes were made but not in its entirety.

Is there any way I can optimize that process?

PhoneBoy
Admin
Admin

A show configuration contains some, but not all of the configuration.

Some of the configuration (certificates and the like) are stored in the files in the backup.

Also, it’s possible that show configuration may not output the configuration in an order that can be pasted into another appliance—This was an issue in older, non-embedded Gaia releases.

But again, what is the reason for needing R77.20.60?

0 Kudos
Jorge_Luis_Chav
Participant

The reason why version R77.20.60 is required, is because with all the other versions higher than this have presented many problems of CPU consumption and memory and this problem affects the daily activities of the client since the administration is literally lost and Occasionally it restarts.

The logs that have been extracted are: Error [CPOSD] Low Free memory status is 8.850%

PhoneBoy
Admin
Admin

You should definitely be working with the TAC to try and resolve those issues.

The TAC may also be able to assist with trying to get the backup to "restore" on an earlier version. 

0 Kudos
Pedro_Espindola
Advisor

Show configuration won't work, but you can use it and edit the commands to make your own configuration script.

This has been discussed in the thread Configuration transfer between different SMB models

Commands like 'set interface LAN1 ipv4-address 10.10.10.234 mask-length 24' will look like 'set interface LAN1 ipv4-address "10.10.10.234" mask-length "24"', with incorrect double quotes.

G_W_Albrecht
Legend Legend
Legend

This is possible using a USB medium. See sk107592 How to perform a fresh_clean install of firmware on 600_700_1100_1400_1200R appliances via USB on how to install an older firmware to the SMB device...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events