Thank you ! Sent via email 

Unfortunately it means that with this Workaround all GW will download the file from the Management. We would prefer from cloud for performance reason (65 GW to upgrade)

I know there would be lots of people who will disagree with what I will say, but personally, I NEVER do any upgrades from smart console. I find its very unreliable (based on my lab tests) and doing it old school way from web GUI is what I always stick with and works totally fine.

Best,

Andy

Hey Andy,

Can you list the "old school way" steps regarding cluster upgrade? Specifically hotfix patching?

Super easy. ALWAYS do these steps on whichever one is backup member first, which can be verified by cphaprob state or cphaprob roles commands.

-log into web UI, status and actions, confirm right jumbo

-right click, verify

-if all green, just hit install

-wait until reoots, run cphaprob state to make sure it still shows backup and and also cpinfo -y fw1 to confirm new jumbo

-do same steps on master, and once rebooted, it would show as backup member and to fail back (if you like), run clusterXL_admin down; clusterXL_admin up on first member (original backup)

-install policy

Thats it 🙂

Andy

Thanks for the comment.

Regarding the last step, I run both clusterXL_admin commands on the original backup? Or do I need to run admin_down on the original backup and admin_up on the original active?

You do it EXACTLY how I did it below (from my lab example) and if you get worried/concerned/confused or all 3, ping me and we can do remote.

Andy

****************************************************

Send automatic password
Access denied
admin@172.16.10.247's password:
Last login: Tue Jul 2 10:07:02 2024 from 100.65.16.1
[Expert@CP-FW-02:0]# cphaprob roles

ID Role

1 Non-Master
2 (local) Master

[Expert@CP-FW-02:0]# cphaprob state

Cluster Mode: High Availability (Active Up) with IGMP Membership

ID Unique Address Assigned Load State Name

1 169.254.0.112 0% STANDBY CP-FW-01
2 (local) 169.254.0.111 100% ACTIVE CP-FW-02

Active PNOTEs: None

Last member state change event:
Event Code: CLUS-114904
State change: ACTIVE(!) -> ACTIVE
Reason for state change: Reason for ACTIVE! alert has been resolved
Event time: Mon Jul 1 17:15:47 2024

Last cluster failover event:
Transition to new ACTIVE: Member 1 -> Member 2
Reason: ADMIN_DOWN PNOTE
Event time: Mon Jul 1 16:47:00 2024

Cluster failover count:
Failover counter: 3
Time of counter reset: Thu Jun 27 20:23:48 2024 (reboot)

[Expert@CP-FW-02:0]# clusterXL_admin down;clusterXL_admin up
This command does not survive reboot. To make the change permanent, run either the 'set cluster member admin {down|up} permanent' command in Gaia Clish, or the 'clusterXL_admin {down|up} -p' command in Expert mode
Setting member to administratively down state ...
Member current state is DOWN
This command does not survive reboot. To make the change permanent, run either the 'set cluster member admin {down|up} permanent' command in Gaia Clish, or the 'clusterXL_admin {down|up} -p' command in Expert mode
Setting member to normal operation ...
Member current state is STANDBY
[Expert@CP-FW-02:0]# cphaprob state

Cluster Mode: High Availability (Active Up) with IGMP Membership

ID Unique Address Assigned Load State Name

1 169.254.0.112 100% ACTIVE CP-FW-01
2 (local) 169.254.0.111 0% STANDBY CP-FW-02

Active PNOTEs: None

Last member state change event:
Event Code: CLUS-114802
State change: DOWN -> STANDBY
Reason for state change: There is already an ACTIVE member in the cluster (member 1)
Event time: Wed Jul 3 08:35:00 2024

Last cluster failover event:
Transition to new ACTIVE: Member 2 -> Member 1
Reason: ADMIN_DOWN PNOTE
Event time: Wed Jul 3 08:34:59 2024

Cluster failover count:
Failover counter: 4
Time of counter reset: Thu Jun 27 20:23:48 2024 (reboot)

[Expert@CP-FW-02:0]#

*****************************************************

Thanks a lot for this. I now got it.

Did it work?

I did the upgrade using SmartConsole, but I used your example in order to failover back to the original active member. Thanks!

Good job!

Any updates on this? I have the same issue.

I recently used this method for jumbo update on R81.20 and was fine. Whats version you are upgrading from and to?

Andy

R81.10 Take 130 to R81.10 Take 139

I think that CPUSE might provide more detailed error. Perhaps you can use it on a single GW and use verify on the package. If you have a lot of GWs this worth a shot.

Upgrade via SmartConsole finally worked with R81.10 Take 150 and SmartConsole 81.10.9600.423 as a basis.

And I don´t think there were related changes within our Checkpoint environment but I also didn´t notice anything specific in the changelogs.

I will say,my memory at 45 is not nearly as good as when I was 25 (lol), but Im fairly sure I had seen the post on here before where someone mentioned update to smart console would roll out based on the regions, but in R81.20, I would get an option to update same day it showed as released.

Andy

Did you check with TAC?