This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dwilliams-dmu
Participant
‎2021-02-17 11:38 AM

Upgrading 5800 Appliances R80.20 to R80.40

I am looking for any and all advise regarding upgrading a clustered pair of 5800 series appliances from R80.20 to R80.40.  I am just beginning my search for documentation, procedures, and other experiences doing the same.  While I am basically fishing for experiences performing this upgrade and what kind of things to look out for I welcome all links to documentation or blogs that may be useful.

Questions and Concerns:

  • What features have caused you trouble while upgrading from R80.20 to any other version?
  • Do you have a preferred upgrade method?  Why?
  • Does upgrade path help or should I just rip off the band aid and go straight to R80.40?
0 Kudos
4 Replies
Vladimir
Champion
Champion
‎2021-02-17 07:21 PM

If your 5800s were gradually upgraded from R77 to R80.20 and if you can afford downtime window, better way, in my opinion is:

-2. Perform backup on the management server (s)

-1. Perform snapshots on the 5800s

0. Record current cluster networking topology and antispoofing parameters

1. dump Gaia configs from both cluster members (save configuration <filename>,

2. clean it up,

3. fresh install R80.40 + JHFAs (current ongoing release 92 looks better than GA 91)

4. rerun FTW

5. load the Gaia configs

6. Re-establish sic with cluster members

7. Verify and adjust topology data (if necessary)

8. Publish changes and install policy

Otherwise, simply follow upgrade guide and it is pretty trivial:

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_Installation_and_Upgrade_Gui...

 

Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-02-17 10:14 PM

Is the management already upgraded to R80.40?

Otherwise keep the following SKs in mind regarding Identity Awareness otherwise should be pretty standard stuff.

sk170516 / sk168066

CCSM R77/R80/ELITE
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-02-17 10:46 PM
In response to Chris_Atkinson

Apart from what @Vladimir wrote, I normally go with CPUSE upgrade, not fresh install. Plus multi-version cluster upgrade option from admin guide. Works like a charm. If you are not using Identity Awareness Captive Portal, I even would go with CPUSE Blink upgrade as you get R80.40 + T91 in one go. 

I wrote about captive portal issues here: https://community.checkpoint.com/t5/Security-Gateways/IA-Captive-Portal-missing-after-upgrade-to-R80... 

dwilliams-dmu
Participant
‎2021-02-18 10:32 AM

So, I am reading that from R80.20 to R80.40, that an in place upgrade will leave the file system at ext3 instead of going to xfs.  I'm not a big filesystem guy.  Are there benefits either directly or indirectly that could be left on the table if we don't do a clean install?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events