 | ||
 Upgrading Nokia cluster setup which comes first Master or Member? | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-10-03 | |||
| |||
 Upgrading Nokia cluster setup which comes first Master or Member? Hi, I would like to know if there is a difference if i upgrade first the cluster member instead the cluster master? Bcoz im upgrading my Nokia IP530 fromm R55 to R62 in 3 weeks time. Mc_rockz  |
| 2007-10-03 | |||
| |||
| Re: Upgrading Nokia cluster setup which comes firs Master or Member? First, is your config distributed or standalone? (is your SCS a separate server or is it on one of your gateways?) A good place for you to start would be reading this: CheckPoint_R65_UpgradeGuide.pdf __________________ There's no place like 127.0.0.1 |
| 2007-10-04 | |||
| |||
| Re: Upgrading Nokia cluster setup which comes firs Master or Member? All the better! This is a very stripped down version of the procedure, but using this and reading the guide should get you where you need to be. I always upgrade my HA (standby) node first per the zero-downtime upgrade procedure. Disconnect SYNC cable (since STATE won't sync between different versions anyway) Once the standby gateway is upgraded (IPSO - then CP), go into SCS and change the Version to R65 (or version du jour that you installed). Then push policy. Policy will only push to the upgraded host because of the version change. If all is well, you should be able to set VRRP (assumption for Nokia box) to a higher priority on the upgraded node so it takes over permanently and then reboot your primary node. It has been my experience that during this process, rebooting the primary or disconnecting the interfaces are the only things that make it fail over because of the loss of state sync. When the untouched node is rebooting, you can stop the boot and enter command line to do the IPSO upgrade on that node. Complete this node, reboot, connect sync cable, push policy and finally, change VRRP back so the designated primary takes over again. During this last VRRP change, STATE sync should be back to normal and you should be done. __________________ There's no place like 127.0.0.1 |
| 2007-10-04 | |||
| |||
| Re: Upgrading Nokia cluster setup which comes firs Master or Member? Hi lammbo, tnx for your guide, im running an Active/active mode load sharing. so im planning to upgrade individually the firewalls. and dont let each other see when one is running an old version and new version. is this right? regards, Mc_rockz |
| 2007-10-05 | |||
| |||
| Re: Upgrading Nokia cluster setup which comes first Master or Member? I can't be 100% certain as I've never built or worked with Active/Active clusters. I can only guess that in your case, this same procedure should work. Can anyone else provide confirmation on this? __________________ There's no place like 127.0.0.1 |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
