wbberry
Explorer

1st timer - upgrade process - R81.10 to R82.10 cluster

Hello all .. 

Checkpoint newbie here and been a while since I needed to post. Hope I get this posted properly ... 

We have an installation that consists of two 3000 appliances in a cluster configuration that we manage with Smart console. Everything is running R81.10 and has been very stable for quite a while. We are in the process of deploying four new 3920 sandblast appliances in two new cluster configurations. These new appliances need 82.10. I am looking for documentation / guidance in upgrading all the existing stuff to support these new appliances so we can get them online. I have started nosing around for upgrade instructions but figured may be simpler and easier to come here and ask. Can someone please point me in the right direction? Also any guidance / advice would also be appreciated since this is the first major undertaking I have had since we did the original install a long time ago. I am thinking this would be considered a major upgrade? 

Thanks in advance..... Brent 

0 Kudos
3 Replies
PhoneBoy
Admin

Yeah, this is considered a major upgrade.
Is this a Full HA cluster or is there a separate management appliance/VM?

0 Kudos
the_rock
MVP Platinum

Hey Brent,

I will give you the method I have used many times with people and it has never failed me; it seems to work really well. Obviously, you need to make sure to match everything to the right interfaces on the new appliances.

Steps I use:

1) Get show config from existing firewalls (file name can be anything)...from expert mode -> clish -c "show configuration" > /var/log/hostname-date.txt

2) Once you get them off the boxes, go through the config and compare with interfaces on the new firewalls

3) Go through 1st time wizard on new devices, apply eval licences (for the time being) 

4) upgrade management server to R82.10 (if possible, or have it at least on R82 latest jumbo)

5) copy bits and pieces from existing show config files to the clish of new firewalls, just make sure to map proper interfaces, so you can do file compare later

6) do NOT do load config from clish, as that would load the config even if it's wrong, though it would error out, unless you did set clienv on-failure continue, which I do not recommend

7) Once you verify the config, you are ready for the cutover

8) use below post to do this when time comes

https://community.checkpoint.com/t5/Security-Gateways/Replace-Upgrade-Cluster/td-p/69216

9) MAKE SURE that sync interface speed/duplex match, as that's super important for clustering to come up

10) Be proud of GREAT job you did! 🙂

Hope that helps.

Feel free to send me a DM if you need further clarification or reply here, either way.

Best,
Andy
0 Kudos
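
One way to do the file compare from steps 2 and 5 and the sync link check from step 9 on a workstation, added here as an example (not code from this thread or from Check Point). The config excerpts, interface names and old-to-new mapping are constructed, and the `set interface ...` line formats are an assumption to check against your own `show configuration` files.

```python
import re

# Constructed excerpts of `clish -c "show configuration"` output (not from a real gateway).
OLD_MEMBER = """\
set interface eth1 ipv4-address 10.1.1.2 mask-length 24
set interface eth2 link-speed 1000M/full
set interface eth2 ipv4-address 192.168.255.1 mask-length 30
set static-route default nexthop gateway address 10.1.1.254 on
"""
NEW_MEMBER_A = """\
set interface eth1-01 ipv4-address 10.1.1.2 mask-length 24
set interface Sync auto-negotiation on
set interface Sync ipv4-address 192.168.255.1 mask-length 30
"""
NEW_MEMBER_B = NEW_MEMBER_A.replace("auto-negotiation on", "link-speed 1000M/full")
IFACE_MAP = {"eth1": "eth1-01", "eth2": "Sync"}  # old name -> new name (assumed)


def lines_of(cfg):
    """Return non-empty, non-comment config lines with whitespace normalised."""
    return [" ".join(ln.split()) for ln in cfg.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def remap(cfg, iface_map):
    """Rewrite every 'interface <old>' reference to the new appliance's name."""
    swap = lambda m: "interface " + iface_map.get(m.group(1), m.group(1))
    return [re.sub(r"\binterface (\S+)", swap, ln) for ln in lines_of(cfg)]


def compare(old_cfg, new_cfg, iface_map):
    """Lines expected from the old box but absent on the new one, and the reverse."""
    expected, actual = remap(old_cfg, iface_map), lines_of(new_cfg)
    missing = [ln for ln in expected if ln not in actual]
    extra = [ln for ln in actual if ln not in expected]
    return missing, extra


def sync_link_mismatch(cfg_a, cfg_b, iface):
    """Link settings on the sync interface that differ between the two members."""
    def pick(cfg):
        return {ln for ln in lines_of(cfg) if ln.startswith(f"set interface {iface} ")
                and ln.split()[3] in ("link-speed", "auto-negotiation")}
    return sorted(pick(cfg_a) ^ pick(cfg_b))


if __name__ == "__main__":
    print(compare(OLD_MEMBER, NEW_MEMBER_A, IFACE_MAP))
    print(sync_link_mismatch(NEW_MEMBER_A, NEW_MEMBER_B, "Sync"))
```

An empty result from `sync_link_mismatch` means both members carry the same link settings on the sync interface; anything listed by `compare` is a line to review by hand before cutover.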
the_rock
MVP Platinum

Forgot to mention, definitely do take backups and snapshots too before doing anything.

Best,
Andy
0 Kudos
