This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
GUEYDON_Olivier
Contributor
‎2020-06-08 12:44 AM

R80.10 R80.30 migration

Hi all,

Maybe some help on my issue :

I have 2 SG (5200 appliances), 1 SMS and 1 SmartEvent (both on VmWare vm), all of them running on R80.10.

I'd like to migrate to R80.30. For now, i have build up 2 new vms from scratch, with iso R80.30_T200 (with differents IP) and installed the SmartConsole. Added the SmartEvent server.

I thought I could update the 2 SG (HA mode) with CPUSE (R80.30 Fresh Install and Upgrade for SG and Standalone).

Failover the ClusterXL, migrate the standby SG, switch to the active one, migrate, and reactive the ClusterXL.

But, if this is correct, when should I add the appliances to the SmartConsole R80.30 ? And what about the database and licences ?

 

Thanks for any advice !

PS ; Sorry for my bad english, i'm french 🙂

0 Kudos
6 Replies
Tal_Paz-Fridman
Employee
Employee
‎2020-06-08 02:04 AM

Hi,

1) What about your Security Management Server database? Would you like to export and import it into an R80.30 machine? If so please follow:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gui...

 

There are 4 options:

Upgrading a Security Management Server from R80.20, R80.10, and lower with CPUSE

Upgrading a Security Management Server from R80.20, R80.10, and lower with Advanced Upgrade

Upgrading a Security Management Server from R80.20, R80.10, and lower with Migration

Upgrading Security Management Servers in Management High Availability from R80.20, R80.10, and lower

 

2) There are also detailed instructions for Cluster upgrade as well.

3) I would also recommend upgrading to R80.40 which is now the official recommended version:

https://community.checkpoint.com/t5/Product-Announcements/R80-40-is-now-Check-Point-s-default-versio...

 

HTH

Tal

 

 

0 Kudos
GUEYDON_Olivier
Contributor
‎2020-06-08 05:01 AM
In response to Tal_Paz-Fridman

Hi Tal,

Thanks for your reply.

1) I've made snapshots and backups of the 2 SG, backups and export of the SMS and SmartEvent, and export of licences.

But when should I import the database to the new SMS ? Before or after SG upgrade ?

2) Would you recomend a clean install or an upgrade of the SG ?

 

Regarding licences, can I import them on the new SMS, while having the actual still in production ?

I didn't find the answer on the guide.

 

Thanks a lot,

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2020-06-08 05:20 AM
In response to GUEYDON_Olivier

Hi

Everything is documented in the guide I sent. For example you have a section for Upgrading ClusterXL, VSX Cluster, VRRP Cluster with detailed steps:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gui...

 

In any case import database into the new Security Management Server in a lab environment so that you can test to see that it is working properly. Only then proceed with the rest.

Tal

0 Kudos
GUEYDON_Olivier
Contributor
‎2020-06-08 08:22 AM
In response to Tal_Paz-Fridman

Ok, i will try this. But i'm stuck with migration tools. I can't find the R80.30 to install on the R80.10 SMS.

It says : You are not entitled to download this file.

No luck ...

Thanks anyway !

0 Kudos
GUEYDON_Olivier
Contributor
‎2020-06-11 02:58 AM
In response to GUEYDON_Olivier

Hello,

Here are some news :

I finally upgraded the SMS and SmartEvent with CPUSE (upgrade), no troubles.

I followed with the standby SG of the cluster, but after reboot, connectivity with the SG was lost in SmartCenter.

FW logs shows traffic drop from the SG to the SmartCenter with InitialPolicy. I have changed cluster version to R80.30, published, but still not installed policy (i'm a bit scared ...).

Do you think this is a normal behavior ?

 

Thanks,

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2020-06-13 04:03 AM
In response to GUEYDON_Olivier

InitialPolicy after upgrade on a Security Gateway is normal,

Test communications with the Security Gateway in SmartConsole - see if trust is still established.

0 Kudos