Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MtxMan
Contributor
Jump to solution

Upgrade to New Hardware Steps

Hi Checkmates,

currently my customer using 4800 HA (R77.30) and Smart-1 410 (R80.10) and they decided to upgrade to latest hardware version using 6600 HA + Smart-1 600S then targeting using latest os also R81.10.

anyone know how to seamlessly upgrade from old hardware and software to latest hardware and software?

what is coming to my mind is, i upgrade smart-1 to R81.10 then copy snapshot and import to new smart-1, is it good move? and for gateway i think there is no issue, because i only need copy via "show configuration"..

 

Thanks!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Only if you can get the source and destination to have the exact same JHF level installed, otherwise you cannot use a system backup for this.
This limitation is documented here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

You can do one of two things for upgrading your management:

  • Upgrade the existing management to R80.40 in-place, take a Gaia backup, restore onto the same version/JHF level on the new hardware, then upgrade to R81.10 in-place.
  • Install a fresh VM with R80.40, use the legacy migration tools to migrate the existing Smart-1 configuration to this VM, use the newer migration tools to export this configuration to the new Smart-1 on R81.10.

I like the second approach because the existing management will remain unaffected by the upgrade except for when the migrate export is run (i.e. because it requires a cpstop).

On the gateway side, provided you've made all your configuration changes to the gateway only via clish/WebUI or SmartConsole a "show configuration" from the gateways should suffice as a starting point.
If you have modified any other files (these were documented somewhere, right?), then they will have to be backed up separately.
Given the large number of changes between R80.10 and R81.10, all of those changes will need to be reviewed to see if they are applicable or even necessary.
Which means, even if we backed up/restored those files, you might end up breaking things.

View solution in original post

6 Replies
PhoneBoy
Admin
Admin

Snapshots only work on the exact same hardware model on which they were taken.
You will need to use the advanced migration process, which will involve an upgrade to R80.40 as an interim step.

show configuration will get the OS configuration but will miss any manually modified files. 

MtxMan
Contributor

Hi @PhoneBoy 

so mean that i need to upgrade existing and new management to R80.40 then perform system backup?

noted, so whats your recommendation for gateway instead?

0 Kudos
PhoneBoy
Admin
Admin

Only if you can get the source and destination to have the exact same JHF level installed, otherwise you cannot use a system backup for this.
This limitation is documented here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

You can do one of two things for upgrading your management:

  • Upgrade the existing management to R80.40 in-place, take a Gaia backup, restore onto the same version/JHF level on the new hardware, then upgrade to R81.10 in-place.
  • Install a fresh VM with R80.40, use the legacy migration tools to migrate the existing Smart-1 configuration to this VM, use the newer migration tools to export this configuration to the new Smart-1 on R81.10.

I like the second approach because the existing management will remain unaffected by the upgrade except for when the migrate export is run (i.e. because it requires a cpstop).

On the gateway side, provided you've made all your configuration changes to the gateway only via clish/WebUI or SmartConsole a "show configuration" from the gateways should suffice as a starting point.
If you have modified any other files (these were documented somewhere, right?), then they will have to be backed up separately.
Given the large number of changes between R80.10 and R81.10, all of those changes will need to be reviewed to see if they are applicable or even necessary.
Which means, even if we backed up/restored those files, you might end up breaking things.

garrod
Contributor

If you have some local configuration, it will not be exported with the migration tools, some of the configuration which I found can be important are as belows:

$FWDIR/boot/modules/fwkern.conf
$FWDIR/boot/modules/vpnkern.conf
$PPKDIR/boot/modules/simkern.conf
$PPKDIR/boot/modules/sim_aff.conf
$FWDIR/conf/fwaffinity.conf
$FWDIR/conf/local.arp
$FWDIR/conf/discntd.if
$FWDIR/conf/cphaprob.conf
$FWDIR/conf/cpha_bond_ls_config.conf
$FWDIR/conf/fwauthd.conf
$FWDIR/conf/resctrl
$FWDIR/database/qos_policy.C
/var/ace/sdconf.rec
/var/ace/sdopts.rec
/etc/snmp/snmpd.conf
/etc/snmp/userDefinedSettings.conf
/etc/snmp/snmpmonitor.conf

MtxMan
Contributor

so i need to backup manually for those file config right?

0 Kudos
PhoneBoy
Admin
Admin

Yes, if you make ANY changes in expert mode, those changes will need to be backed up manually.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events