This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GUEYDON_Olivier
Contributor
‎2022-04-22 06:03 AM

R80.30 to R81 Upgrade

Hi all,

I'm planning to upgrade my 2 5200 SG to R81.

Actually, here is my structure :

- 1 SmartCenter and 1 SmartEvent (VmWare) running R81 for about 1 year

- 2 5200 SG appliances running R80.30, in a ClusterXL HA mode

- Blades : FW, App Ctl, Identity Awarness, QoS, IPS

Both Mgmt servers are in kernel 3.10.0-957.21.3cpx86_64 (with xfs), but not the SG (kernel 2.6.18-92cpx86_64).

What would you advise me to do ?

 

One point is that both SG are quite far away from my desk, in our DataCenter, so i can't loose connection to them ...

 

Thanks !

0 Kudos
6 Replies
the_rock
Legend
Legend
‎2022-04-25 06:46 AM

Just my personal experience...I had cases before when people would say "O, not a big issue, firewalls are remote, what can happen, its a cluster"...well, you'd be surprised. I do NOT recommend doing the upgrade if you dont have physical access to the boxes. I had a scenario happen where one box does not come up after upgrade/reboot and then clustering is totally broken and someone has to go to the location at the end of the day. 

I recommend zero downtime method (I find works the best). By the way, make sure you do management upgrade first, as thats always recommended, since version on mgmt has to be same or higher. Links Chris gave you are good starting point.

0 Kudos
GUEYDON_Olivier
Contributor
‎2022-04-27 02:00 AM
In response to the_rock

Hi guys, thanks for your replies.

I think i will bring one SG back to the office, upgrade it, and then process with the other.

Downloaded the Check_Point_R81_T392_Fresh_Install_and_Upgrade_v1.tgz, that seems correct to proceed with ?

 

Thanks

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-04-28 01:19 AM
In response to GUEYDON_Olivier

That shouldn't be necessary in most cases.

I gather the units don't have LOM cards installed?

CCSM R77/R80/ELITE
0 Kudos
GUEYDON_Olivier
Contributor
‎2022-04-28 03:04 AM
In response to Chris_Atkinson

No, no LOM card ...

Finally, i'm going to start the Clean Install on the Standby node (ClusterXl_admin down before).

If something goes wrong, i will go to our datacenter.

 

Thanks

0 Kudos
GUEYDON_Olivier
Contributor
‎2022-05-13 06:08 AM
In response to GUEYDON_Olivier

Hi all,

Well, this has been quite a stuff 😤

Finally, active member upgraded, but some things didn't went as expected :

cloning group has disapeared, had to recreate on both membres,

IPS licence on trial mode (positive false ?), all other licences synch'd well

So now, eveything is working good, thanks again for your advices !

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top