This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
GUEYDON_Olivier
Contributor
‎2022-04-22 06:03 AM

R80.30 to R81 Upgrade

Hi all,

I'm planning to upgrade my 2 5200 SG to R81.

Actually, here is my structure :

- 1 SmartCenter and 1 SmartEvent (VmWare) running R81 for about 1 year

- 2 5200 SG appliances running R80.30, in a ClusterXL HA mode

- Blades : FW, App Ctl, Identity Awarness, QoS, IPS

Both Mgmt servers are in kernel 3.10.0-957.21.3cpx86_64 (with xfs), but not the SG (kernel 2.6.18-92cpx86_64).

What would you advise me to do ?

 

One point is that both SG are quite far away from my desk, in our DataCenter, so i can't loose connection to them ...

 

Thanks !

0 Kudos
6 Replies
the_rock
Champion
Champion
‎2022-04-25 06:46 AM

Just my personal experience...I had cases before when people would say "O, not a big issue, firewalls are remote, what can happen, its a cluster"...well, you'd be surprised. I do NOT recommend doing the upgrade if you dont have physical access to the boxes. I had a scenario happen where one box does not come up after upgrade/reboot and then clustering is totally broken and someone has to go to the location at the end of the day. 

I recommend zero downtime method (I find works the best). By the way, make sure you do management upgrade first, as thats always recommended, since version on mgmt has to be same or higher. Links Chris gave you are good starting point.

0 Kudos
GUEYDON_Olivier
Contributor
‎2022-04-27 02:00 AM
In response to the_rock

Hi guys, thanks for your replies.

I think i will bring one SG back to the office, upgrade it, and then process with the other.

Downloaded the Check_Point_R81_T392_Fresh_Install_and_Upgrade_v1.tgz, that seems correct to proceed with ?

 

Thanks

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-04-28 01:19 AM
In response to GUEYDON_Olivier

That shouldn't be necessary in most cases.

I gather the units don't have LOM cards installed?

0 Kudos
GUEYDON_Olivier
Contributor
‎2022-04-28 03:04 AM
In response to Chris_Atkinson

No, no LOM card ...

Finally, i'm going to start the Clean Install on the Standby node (ClusterXl_admin down before).

If something goes wrong, i will go to our datacenter.

 

Thanks

0 Kudos
GUEYDON_Olivier
Contributor
‎2022-05-13 06:08 AM
In response to GUEYDON_Olivier

Hi all,

Well, this has been quite a stuff 😤

Finally, active member upgraded, but some things didn't went as expected :

cloning group has disapeared, had to recreate on both membres,

IPS licence on trial mode (positive false ?), all other licences synch'd well

So now, eveything is working good, thanks again for your advices !

0 Kudos