Migration Of Modules(NG R55 to NGX R65)

[mailbennyjohn]

Hi,

We have recently upgraded our provider 1 Environment to NGX R65 from NG R55. Now we are in the process of module upgrade (NGX R65 from NG R55). Right now the modules (Secure Platform) are in clustered environment.
We are not planning to do an inline upgrade. We have to new servers and we need to migrate from the old servers (secure platform) to the new servers (Secure Platform).
Can anyone please let me know the procedure to perform this upgrade?

Procedure which I have in my mind:
1. Take a backup of the modules (NG R55) using the backup command.
2. Install the NGX R65 in the new servers.
3. Restore the configuration from backup to the new servers.

Regards
Benny

[chillyjim]

Quote:

Originally Posted by mailbennyjohn

Procedure which I have in my mind:
1. Take a backup of the modules (NG R55) using the backup command.
2. Install the NGX R65 in the new servers.
3. Restore the configuration from backup to the new servers.

Regards
Benny

That will work, assuming the the hardware is very close.
If you don't have a lot of routes and users on the modules, then you can just push the rule base to them.

Some key files to copy to a fresh install are:

/etc/password
/etc/shadow
/etc/scpusers
/etc/resolv.conf
/etc/sysconfig/netconfig.C

That will get you 90% of the config

[cciesec2006]

don't forget the /etc/rc.d/rc.local and $FWDIR/boot/modules/fwkern.conf
if you have customization in your environment. /etc/rc.d/rc.local has to
do with the NIC setting and fwkern.conf has to do with simultaneous ping
to cluster and physical ip address and freeze the cluster during a policy
push, thing like that.

[mpayette]

Just completed an NG R55 to NGX R65 upgrade.... Here is what I did.

1) On the old server, copy the upgrade_export tool from the NGX R65 cdrom into the /$fwdir/bin directory and run the file. This will create a .tar file which you need to backup.

2) Build the new server, and install Chekcpoint NGX R65 on it. Make sure the new server has the same network configs as the old one.

3) Copy over the .tar file and also the upgrade_import tool from the NGX R65 cdrom and do an upgrade_import.

4) Check the configs.

5) Roll the new server into production either with a 30 eval or your upgraded license key.

The only real problem I had was with the VPN-1 Accelerator card... Still working on finding a solution to this...

Hope this helps...