This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arend
Contributor
3 weeks ago

Migrating frontend Loadbalancer (PIP & LB rules) between CloudGuard deployments(R80.40 to R81.20)

Hi,

We are executing a side-by-side deployment since an inplace upgrade for a HA cloudGuard deployment gives the following error when doing the verifier in the SmartConsole.

Existing: R80.40 HA installation (SmartConsole upgrade to R81.20; output: The package is not valid for installation on the relevant Security Gateways)

R81.20: aio_Check_Point_ivory_main_T631_R81.20_Gaia_3_10_Install_and_Upgrade.tar

We are now considering a new R81.20 side-by-side deployment but the existing R80.40 deployment has 4 Public IP addresses and 8 loadbalancing rules on the frontend Loadbalancer.

What are the instructions to also move the front end loadbalancer instead of recreating the whole public facing frontend?

Arend

 

0 Kudos
3 Replies
Nir_Shamir
Employee Employee
Employee
2 weeks ago

You can create new Backend Pool in your current Frontend LB and put your new GWs in that Backend Pool and just replace between between current Backend Pool to the new Backend pool. 

0 Kudos
Arend
Contributor
2 weeks ago
In response to Nir_Shamir

Hi,

We have it working in LAB as you described and as describd in the manual "CloudGuard Network for Azure High Availability Cluster Deployment Guide". Both inbound and outbound traffic works.

But the guide is very confusing in step 9 of the upgrade "Upgrading a Check Point CloudGuard Network Security High Availability Solution". They mention a new backend pool but a no point before step 9 do they instruct you to make a new pool.

Why do you actually talk a bout a new pool while you can reuse the existing pool and replace the gateway members to the new R81.20 nodes?

GUIDE:
8 Add the new Check Point CloudGuard Network Security High Availability's members to the backend pools:

For each Load Balancer used in the original solution, add the new members to the existing backend pools.

Make sure to select the right IP address (private internal for the backend Load Balancer and private external to the frontend Load Balancer).

9 Edit the backend rules to use only the new backend pool, then remove the checkbox marking the previous pool.

 

 

0 Kudos
Nir_Shamir
Employee Employee
Employee
2 weeks ago
In response to Arend

the guide talks about a new pool but I know a colleague that used the same pool and just added the new members to it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events