CLUSTER FIREWALL UPGRADE NGR55 TO NGXR62

[mc_rockz]

Guys need your inputs,

Current Setup:
1 - Smart Center Server NG R55 (Win2k)
1 - Pair Nokia IP530 Firewall, 512MB running Load sharing.
IPSO = 3.7.1
CP = R55
Upgrade to: CP NGX R62 using IPSO 4.1 build 28 or IPSO 4.2 build 42

My Procedure;
smartcenter:
1. Upgrade license on the smart center
2. Software upgrade on smart center to R62.
3. Test SIC Status, Push Policy.

Firewall: Individual firewall approach.
1. pullout 1st cluster firewall and do upgrade while 2nd cluster firewall is running.
2. After the upgrade of 1st cluster firewall, shutdown first the 2nd cluster firewall and insert back the 1st cluster firewall w new software installed.
3. Test SIC status bet smartcenter and 1st cluster firewall. Update the Firewall version at Cluster properties.
4. Clear the box On Gateway clusters, "Install on all members, if it fails do not install at all" before pushing the policy to the firewall this will install the policy to the 1st cluster firewall but not on 2nd cluster firewall since it is shutdown.
4. Upgrade the 2nd cluster firewall.
5. After the upgrade of the 2nd cluster firewall, shutdown again the 1st cluster firewall to perform verification and testing only on the 2nd cluster firewall.
6.Test SIC Status bet smartcenter and 2nd cluster firewall.Update the Firewall version at Cluster properties
7. Clear the box On Gateway clusters, "Install on all members, if it fails do not install at all" before pushing the policy to the firewall this will install the policy to the 2nd cluster firewall but not on 1st cluster firewall since it is shutdown.
8. If everythings ok. Power on the 1st cluster firewall while 2nd cluster is running to start the cluster setup.
9. Test the cluster setup.

Question: is there a problem i upgrade first the cluster member and not the cluster master?

thankx

[Danielpb]

Hi I must admit I have not done that many upgrades...but I take it your using High availability (Vrrp) and not Load sharing?

If so as long as you take one cluster member down at a time I can't see any issues. Probably best to upgrade the secondary member first depending on your current state.

Cheers

Dan

[chillyjim]

The process is fully documented in the upgrade guide. Please read it before you try the upgrade.

[mc_rockz]

Quote:

Originally Posted by Danielpb

Hi I must admit I have not done that many upgrades...but I take it your using High availability (Vrrp) and not Load sharing?

If so as long as you take one cluster member down at a time I can't see any issues. Probably best to upgrade the secondary member first depending on your current state.

Cheers

Dan

Hi Dan,
im using clustering Load sharing.


Marlon

[mc_rockz]

Hi chillyjim,

i already read the upgrade guide. im using the individual gateway upgrade for our clusters.

is there anything i missed out. because my worries is the clustering after the upgrade. we are not using the VRRP.

Regards,
Marlon