Wyman
Contributor

Enable MVC During Cluster Upgrade

Hi. We're going to be upgrading our 2 gateway cluster from R80.30 to R80.40 and I see that enabling MVC is recommended during this process. I'm not completely sure where it fits into the process - please can someone verify if the process below is correct or not? Thanks very much.

 

1) Upgrade backup gateway to R80.40

2) Install access control policy (unchecking the cluster install fail check box) 

3) Enable MVC on the upgraded gateway?

4) Check cluster status to confirm 'Active(!)' status on upgraded gateway and 'Standby' status on other gateway

5) Failover to the upgraded gateway

6) Upgrade the older R80.30 gateway

7) Install the access control and threat prevention policies (tick the cluster install fail check box)

8) Disable MVC on the gateway that was upgraded first?

 

 

Timothy_Hall
Champion

This is nicely covered in the R80.40 Installation and Upgrade guide, section "Multi-Version Cluster Upgrade Procedure - Gateway Mode"; see the attached screenshot which is the non-VSX procedure for a 3-node cluster.  Note that there is a slightly different procedure for VSX clusters (which is also provided in that same document).

mvc.png

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
Baasanjargal_Ts
Advisor

Hello Wyman,

I believe you've backed up your current configuration.

Workflow:

  1. On each Cluster Member - Change the CCP mode to Broadcast
  2. On the Cluster Member M2 - Upgrade to R80.30 with CPUSE
  3. In SmartConsole - Change the version of the cluster object
  4. In SmartConsole - Install the Access Control Policy
  5. On each Cluster Member - Examine the cluster state
  6. On the old Cluster Member M1 - Stop all Check Point services
  7. On the upgraded Cluster Member M2  - Examine the cluster state
  8. On the old Cluster Member M1 - Upgrade to R80.30 with CPUSE
  9. In SmartConsole - Establish SIC with the former old Cluster Member M1
  10. In SmartConsole - Install the Access Control Policy
  11. On each Cluster Member - Examine the cluster state
  12. On each Cluster Member - Change the CCP mode to Auto
  13. In SmartConsole - Install the Threat Prevention Policy
  14. Test the functionality

 

There is a great guide for upgrading a cluster with zero downtime: https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gui...

 
