It's running  Firewall, IPSec, APPCTRL, IA and IPS

Below load is in off-hours, I didn't get the chance to check it during the day:

CPU User Time (%): 2
CPU System Time (%): 11
CPU Idle Time (%): 87
CPU Usage (%): 13
CPU Queue Length: -
CPU Interrupts/Sec: 6691
CPUs Number: 4

In general, it should work but please allow me to rephrase. What is the expected throughput?

Note HCP will help to identify any gotchas with the current configuration.

Also run a cpsizeme (sk88160), it gives a good performance overview (send to your SE)

Thank you, I'll give that a go and evaluate it. 

On a first attempt, it seems to have failed; CPUSE gives me following error without any other information:

<b>Upgrade of package Check_Point_R81.20_T631_Fresh_Install_and_Upgrade.tgz Failed</b><br><br>Failed during export process.<br><br>Contact Check Point Technical Services for further assistance.

Noted, replacements will for sure be purchaset at a later time; for now I need these 3200 appliances upgraded asap.

If R81.10 + Rec JT works as expected i would just stay - but that is a personal decision. NCARS 😉

Might indeed be the way to go, I was optimistic and hoping to have it on R81.20 🙂 

Now this is new to me.. if it would have somewhat made sense on R81.20, but for R81.10 it comes as a surprise. 

Please open a support call with TAC for this.

Already on it, managet to get an SR registered for this. Thanks 🙂 

What is the reason, low disk space ?

Doesn't seem so to me 😕 

What is the current source version & Jumbo that you are upgrading from?

How much disk space is free and is the Deployment Agent up to date?

Upgrading from R80.40 JHF 196; doesn't look like a free disk space issue to me at least (see image shared above). 

Agent: Enabled
Build number: 2337 (agent build is up to date)
Network connection: connected
Update from cloud: Last updated on Tue Nov 7 10:49:27 2023
License: Valid

Thanks as Val suggests please contact TAC who can assist in reviewing the logs for the upgrade failure/s.

A fast update on this issue - Checkpoint TAC didn't manage to pinpoint the root cause for this upgrade failure. A lot of hours got used on this issue and I was forced to move on, so a R81.10 fresh install was done for the appliance.

Without a root cause, there's not much to learn from this fault unfortunately, except for the fact that one can be lucky or unlucky with TAC depending on the skills of the enginner assigned for the SR. 

You can always ask for the case to be escalated if you stall out. Whenever you are doing upgrades, let your SE know ahead of time (we hate getting calls for something we didn't know was happening), and you can also open a proactive case and pre-load it with all the information about what you are doing. 

*** ALWAYS include the following when opening an SR ***

cpinfo from management and all devices involved. ***This is always going to be asked for***

A "show configuration" from all devices involved.

A "migrate export" of the manager.

I will normally open the ticket online, add the above, then call into TAC.

Yeah, it very much depends on how many blades you have active. I for one decided to stick to R81.10 and will keep patching for as long as it will be supported, the 3200 will anyways be end of life roughly the same time as R81.10 (end of engineering support June 2024, end of support December 2025 for the appliance, end of support July 2025 for R81.10).

Support Life Cycle Policy - Check Point Software

/Daniel

Actually installed 81.10 today to same environment. Same results. Waited for 45 minutes and cpu calmed down.

Also found reason: System is just so slow (slow hdd). For example fw load_sigs took very long time.

Sticked to R81.10, because those are going to replaced before end of support.