Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dwilliams-dmu
Explorer

Upgrading 5800 Appliances R80.20 to R80.40

I am looking for any and all advise regarding upgrading a clustered pair of 5800 series appliances from R80.20 to R80.40.  I am just beginning my search for documentation, procedures, and other experiences doing the same.  While I am basically fishing for experiences performing this upgrade and what kind of things to look out for I welcome all links to documentation or blogs that may be useful.

Questions and Concerns:

  • What features have caused you trouble while upgrading from R80.20 to any other version?
  • Do you have a preferred upgrade method?  Why?
  • Does upgrade path help or should I just rip off the band aid and go straight to R80.40?
0 Kudos
4 Replies
Vladimir
Champion
Champion

If your 5800s were gradually upgraded from R77 to R80.20 and if you can afford downtime window, better way, in my opinion is:

-2. Perform backup on the management server (s)

-1. Perform snapshots on the 5800s

0. Record current cluster networking topology and antispoofing parameters

1. dump Gaia configs from both cluster members (save configuration <filename>,

2. clean it up,

3. fresh install R80.40 + JHFAs (current ongoing release 92 looks better than GA 91)

4. rerun FTW

5. load the Gaia configs

6. Re-establish sic with cluster members

7. Verify and adjust topology data (if necessary)

8. Publish changes and install policy

Otherwise, simply follow upgrade guide and it is pretty trivial:

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_Installation_and_Upgrade_Gui...

 

Chris_Atkinson
Employee
Employee

Is the management already upgraded to R80.40?

Otherwise keep the following SKs in mind regarding Identity Awareness otherwise should be pretty standard stuff.

sk170516 / sk168066

Kaspars_Zibarts
Authority
Authority

Apart from what @Vladimir wrote, I normally go with CPUSE upgrade, not fresh install. Plus multi-version cluster upgrade option from admin guide. Works like a charm. If you are not using Identity Awareness Captive Portal, I even would go with CPUSE Blink upgrade as you get R80.40 + T91 in one go. 

I wrote about captive portal issues here: https://community.checkpoint.com/t5/Security-Gateways/IA-Captive-Portal-missing-after-upgrade-to-R80... 

dwilliams-dmu
Explorer

So, I am reading that from R80.20 to R80.40, that an in place upgrade will leave the file system at ext3 instead of going to xfs.  I'm not a big filesystem guy.  Are there benefits either directly or indirectly that could be left on the table if we don't do a clean install?

0 Kudos