 | ||
 Upgrading IPSO 3.3 to 3.8 | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-05-16 | |||
| |||
 Upgrading IPSO 3.3 to 3.8 Hello, I was wondering if I can upgrade IPSO 3.3 to 3.8 without having to upgrade the bootmanager. I read that if you are upgrading your IPSO from 3.3 or 3.3.1, then you do not need to upgrade the boot manager prior to installing the new image. The newimage command should automatically upgrade the boot manager. I am upgrading a VPN Applicance 330 running IPSO 3.3 Thanks  |
| 2006-05-17 | |||
| |||
| Re: Upgrading IPSO 3.3 to 3.8 Check the Release Notes of the IPSO 3.8 they should answer your question. but IPSO 3.3 is an old one, check if is possible an directly upgrade to 3.8 In my exprience if i make a fresh install not an upgrade the boot manager is automatically upgraded if necessary. LR |
| 2006-05-20 | |||
| |||
| Re: Upgrading IPSO 3.3 to 3.8 There are a few tricks/gotcha's on upgrading from and old version of IPSO. IPSO 3.3 and later automatically upgrade the boot manager as part of the upgrade process. You do not have to do it manually. The main problem is that in releases prior to 3.4, the swap space is limited to 256MB and just doing an upgrade will keep it like that. The new versions of CP need more than that. To get more than 256MB, you have to do a clean install of IPSO directly from boot manager. My recommendation is that if this is just a firewall then just make a list of all of the settings that you need (IP addresses, arp entries, static routes, any other configurations), and do a clean install from the boot manager of the version of IPSO that you want. Once that is done then rebuild with the information above, reinstall CP, reset SIC and push policy. This can be a pain but probably the cleanest way. Alternatively, you can do the upgrade. To upgrade from 3.3 to 3.8, you will have to upgrade to another build first as you can't do it one step. You can only upgrade to 3.8 from 3.5 or above. From 3.3 you can succesfully upgrade to 3.5 (maybe even 3.6 or 3.7, check the release notes of those version before you do it) and then you can upgrade from 3.5 to 3.8. With all of this you will have to upgrade Check Point as 3.8 only supports R55p (aka R55 for IPSO 3.8). If this is not a management station, don't bother upgrading Check Point at this point. To get by the swapspace issue, you will now have to do a full backup of IPSO via Voyager (transferring it off the appliance) and then do a clean install of IPSO 3.8 from the boot manager, do a restore of your IPSO backup and then install Check Point. Points of Note... -The only way to get more swapspace is to do a clean install via boot manager. -You can't do a backup on one version of IPSO and restore it on another. It has to be made from the same version of IPSO. |
| 2006-05-22 | |||
| |||
| Re: Upgrading IPSO 3.3 to 3.8 Hey, Thanks for the responses. I tried a fresh Install but this it doesn't work below is what happens. ################### IPSO Full Installation #################### You will need to supply the following information: Client IP address/netmask, FTP server IP address and filename, system serial number, and other license information. This process will DESTROY any extant files and data on your disk. ################################################## ############### Continue? (y/n) [n] y The chassis serial number can be found on a sticker on the back of the unit with the letters S/N in front of the serial number. Please enter the serial number: 8xxxxxxxxx5 Please answer the following licensing questions. Please choose a product from the following: 1. VPN-1 Appliance 400 Series 2. VPN-1 Appliance 600 Series 3. VPN-1 Appliance 300 Series 4. VPN-1 Appliance 100 Series Which product are you installing? :[1]3 Will this node be using IGRP ? [y] n Will this node be using BGP ? [y] n 1. Install from anonymous FTP server. 2. Install from FTP server with user and password. Choose an installation method (1-2): 1 Enter IP address of this client (0.0.0.0/24): 192.168.0.2 Please enter a netmask length: (24)24 Enter IP address of FTP server (0.0.0.0): 192.168.0.1 Enter IP address of the default gateway (0.0.0.0): 192.168.0.1 Choose an interface from the following list: 1) eth-s2p1 2) eth-s2p2 3) eth-s3p1 4) eth-s4p1 5) eth-s5p1 Enter a number [1-5]: 3 Would you like to use 100 Mb speed for eth-s3p1? [n] y Half or full duplex? [h/f] [h] f Enter path to ipso.tgz on FTP server [/]: 1. Retrieve all valid packages, with no further prompting. 2. Retrieve packages one-by-one, prompting for each. 3. Retrieve no packages. Enter choice [1-3] [1]: 3 Client IP address = 192.168.0.2/24 Server IP address = 192.168.0.1 Default gateway IP address = 192.168.0.1 Network Interface = eth-s3p1, speed = 100M, full-duplex Server download path = [//] Package install type = none Are these values correct? [y] y netlog:eth-s3p1 .. enabling 100baseTX/UTP port in half duplex mode netlog:eth-s3p1 .. enabling 100baseTX/UTP port in full duplex mode Checking what packages are available on 192.168.0.1. Hash mark printing on (1048576 bytes/hash mark). Interactive mode off. # The following packages are available: IPSO3.8_wrapper_R55.tgz Building filesystems...done. Making initial links...done. Downloading compressed tarfile(s) from 192.168.0.1. Hash mark printing on (1048576 bytes/hash mark). Interactive mode off. /ipso.tgz: No such file or directory. ipso.tgz was improperly loaded, try again. Enter IP address of this client (192.168.0.2/24): |
| 2006-05-22 | |||
| |||
| Re: Upgrading IPSO 3.3 to 3.8 Quote:
Pretty simple: on your FTP server you have only the Checkpoint NG AI installation (file: IPSO3.8_wrapper_R55.tgz ) and not the ipso upgrade (file: ipso.tgz). You must put your ipso file uin the ftp directory and name it ipso.tgz NOTE: the file IPSO3.8_wrapper_R55.tgz IS NOT the ipso upgrade!!! Hope this will help. __________________ Alfredo Cozzino CCSA/CCSE NG AI |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
