We have Full HA Cluster(as described in sk60443) on 4600 appliances R77.30. We want to migrate all configuration from it to 5400 appliances R80.10. How to make it correctly?
Discussed here: Full HA cluster upgrade from R77.30 to R80.10
Thank you for response. So, if I uderstood correctly, we have to upgrade on 4600 cluster and after that run migrate export/import and save/load configuration commands on respective appliances? Will this be enough to move completely from one to another appliance?
As I understand we can use migration tools from R77.30 to R80.10. Will this be enough? I want to note that we need no only upgrade, but move configuration for another appliance.
What are your target appliances models?
From 4600 to 5400, as Serhii described above. Full HA Cluster configuration.
Sorry, didn't register first time around.
I've never done a full HA upgrades myself, but this looks to be the safe approach:
1. "Migrate Export" using old version of migration tools on old active cluster member
2. "Migrate Import" on the same version in intermediate VM environment
3. Install R80.10 migration tools in VM
4. Run pre-upgrade verifier
5. Remedy all conflicts discovered by verifier
6. Perform migrate export
7. configure the new cluster for full-HA in isolated environment (you can use offline CPUSE packages to get the version up to date)
8. Perform migrate import
9. Swap the units in production environment
I am not too familiar with Full HA Cluster, but some of our customers have one. My 2 cents are that I would run "migrate export" on the primary security management server. I would make it the active cluster member before.
Maybe this is not necessary, but I like to be on the safe side.
Runing migrate export is certainly good practise, but why when it is active node ? That is a thing i would never recommend to anyone !
After thinking about it for a moment I am quite sure that you are right: No need to use the active member. But I still would look for the primary SMS for migrate export.
According to documentation, this is the ONLY way to do it - all you can save from sec SMS node is the GAiA config, as the SMS part is installed by the first sync !
Keep in mind that R80.10 management requires significantly more memory than R77.x management does. So your 5400 appliances should have at least 16GB RAM, 32GB would be better.
In your case I'd recommend:
Thanks a lot!
As for 3rd point: Check Point's R80.10 Upgrade Verification and Environment Simulation servicenot support StandAlone installation unfortunately.
And what about Security Gateway which is installed on this appliance too?
Also want to add that migrate export doesn't save Gaia OS configuration. I think we should save it separate.
You will find all needed information in sk108902 Best Practices - Backup on Gaia OS ! But i have to add that Full HA Cluster is not the configuration of my choice at all - if possible, make this move completely satisfying by changing to a distributed deployment with SMS in VM and 5400 GW cluster.
You can run pre_upgrade_verifier script on full ha primary machine without issue. And yes, you need to backup Gaia OS configuration and prepare your draft to new platform.
Retrieving data ...