sorinstf
Participant

MDS upgrade from R80.40 to R81.20 and change leading IP

Hello, 

We are currently running MDS R80.40 as a standalone server on an AWS EC2 instance. 

I have planned to upgrade to R81.20 using the side-by-side option (the in-place upgrade failed; CP TAC recommended an advanced upgrade).

Due to AWS EC2 limitations, we can't reuse the same Leading IP address assigned to MDS R80.40 (as it is tied to the ethernet interface and dies with the EC2 instance). 

Q: What's the impact of having a new Leading IP address on a new MDS running R81.20 after the R80.40 archive is imported with migrate_server import? There are about 10 domains and 100 firewalls (including clusters).

Thanks! 

Sorin

2 Replies
Amir_Senn
Employee

I don't know the exact details but from my experience you will face communication issues, license issues, logging issues, etc.

In the DB it listens to specific IPs and changing it in the portal only will not work without more actions.

You can use this guide: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Installation_and_Upgrade_Guide/Top...

If you want, there's also a CPUSE package for AWS. If the upgrade fails it should revert back to the source version. If you want an extra backup you can create a manual snapshot, and in case something goes wrong you can always install a new machine with the same IP + aliases and import it. The package is available here: https://support.checkpoint.com/results/sk/sk177714

Anyway, any way you choose to upgrade, I suggest working along with this admin guide: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...

Kind regards, Amir Senn
sorinstf
Participant

Hello Amir, 

I really appreciate your reply.  

First of all, I just want to confirm that the upgrade went well from R80.40 to R81.20 using Advanced Upgrade (migrate_server export and import on the new AWS EC2 MDS). Export/import took about 2 hrs for a 2 GB database, 11 CMAs.

I have been planning this upgrade for the past 2 months. AWS deployments are different to manage from on-prem. For example, the Leading IP address, which is tied to the eth0 adapter, can't be reused on another EC2 instance unless you terminate it (the EC2 instance), which was not possible as this was the rollback plan. Secondary IP addresses (11 in my case) can be re-assigned.

The CPUSE upgrade failed - TAC confirmed that the file system (XFS) is not supported by the upgrade tool agent - not being documented!

About the Leading IP address - the new MDS R81.20 EC2 instance had a new IP address - this is mainly used for administrative purposes, for example for admins to connect to and for the MDS to talk to each individual domain.

Each CMA in my case is logging and is using its own IP address, and logging worked after migration.

AWS Check Point AMI - I used R8120BYOLMGMT: ami-00e053dc6b41c8c83. Very quick deployment using m5.4xlarge. The CP script is creating a 20 GB root partition!!?! I have provisioned a 2000 GB volume and the CP script is creating a 20 GB root partition?!

Of course, after importing the DB (I was testing this about 1 month ago), the import failed at 99% because the root partition was full. Terminate the instance, deploy a new one, lvm_manager to the rescue (always take snapshots, backups, etc.).

All the best!

Sorin
