Solved: Re: Replace/Upgrade Cluster - Page 2

Kevin_Orrison · ‎2019-12-03

I currently have two 4800s in a cluster on R80.10. I am looking to utilize the same cluster name/configuration and replace these gateways with two 6500s on R80.30. I just wanted to brain storm on the easiest way to accomplish this.

Also, seems like this should be a common ask. Are there any Check Point guides for something like this?

cmale · ‎2025-06-24

Yes, as soon as I take the active (old 6600) down, it fails over to the new (replacement 9100) and I lose the ability to get out. I can get out if I console into the appliance itself (the 9100) and can reach anything internally or externally, but nothing from my laptop. DNS does not resolve. I cannot establish SIC on the second one, it just says it cannot reach the management server. Yes, password is correct and I have reset SIC using cpconfig. Yes, I matched the config in GAIA between the old 6600 and the new 9100s. I am still scratching my head on this.

I attached what I see in SC for the active 9100 after it fails over and I take the old (active 6600) offline and bring up the second 9100.

the_rock · ‎2025-06-23

I would double check the routes on that appliance to make sure its 100% correct. I had done this process with customers at least 10 times and never had a problem.

Steps are absolutely accurate.

Andy

cmale · ‎2025-06-24

I will do that. I really do think it is something very simple that I am overlooking, but I have compared the routes many times between the current 6600s and the new 9100s, but I could be missing something still. Attached is what I see when I have the first replacement 9100 as active but I still cannot establish SIC on the second replacement.

the_rock · ‎2025-06-24

One sec, lets take a step back here. So, here is the question...IF you can establish SIC, and shows its communicating, does it let you get interfaces WITHOUT topology? If it does, then all is well. Now, if SIC does not work, you need to troubleshoot why. Does communication to mgmt server work? Can you ping, traceroute to it? Is there communication on port 18191?

Andy

[Expert@CP-FW-01:0]# netstat -tulnp | grep :18192
tcp 0 0 0.0.0.0:18192 0.0.0.0:* LISTEN 8169/cpd
[Expert@CP-FW-01:0]# netstat -tulnp | grep :18191
tcp 0 0 0.0.0.0:18191 0.0.0.0:* LISTEN 8169/cpd

ld3d · ‎2022-09-14

Hello,

Can you recall how you did step "fix cluster member topology" ?

I am changing HW from 21400 (R80.20) to 7000 (R81.10) and of course all interface names / numbers are different.

Only this part is a bit "scarry" for me as I have never did exactly that. What I am going to get on Cluster object in SmartConsole?

Everything else I already pre-configured and I am ready for HW swap - but only "fix cluster topology" is confusing me.

Any screenshots would be very welcome !!!

Thanks in advance!

abihsot__ · ‎2022-11-08

you probably already migrated your cluster, but in case others would stumble on the same question, here is the screenshot where you have to adjust your interface names to align with new hardware.

khodgson_bts

Morning all.

I'm going to be performing a refresh similar to this later. Replacing a pair of 5800s on R81.10 with a pair of 9400s on R81.20. Does anyone know if the MVC mechanism will help here? I'm assuming it won't, due to the differences between the appliances in terms of CPU cores. We're prepared for some interruption anyway.

Thanks.

the_rock

MVC is enabled by default in R81.20.

khodgson_bts

Sure, but my question is will it actually make any difference in terms of maintaining sessions when cutting over from the active 5800 to the new 9400?

the_rock

I would leave it on if I were you. I did similar upgrade with customer recently and did not have any issues.

Andy

khodgson_bts

Cool, thank you!

the_rock

No problem...good luck!

Are you a member of CheckMates?

Replace/Upgrade Cluster