CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Installing And Upgrading
Another upgrade question!! Another upgrade question!!
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-11-09
Junior Member
  
Join Date: 2007-11-07
Posts: 2
Rep Power: 0
julian.proudfoot has an average reputation (10+)
Default Another upgrade question!!
Hello,

I'm afraid it's another question about upgrading a Nokia IPSO appliance to the latestest IPSO and Checkpoint versions.....

I'm currently running a pair of clustered Nokia IP380 running IPSO 3.8 build 39 and Checkpoint R55, management is from a W2k3 server which is virtualised on a VMWare VI3 host. I need to update to a much later version to be relativeley up to date, I am not sure exactly which version I will be going to yet due to corporate regulatory requirements. We also have a Symantec SIM appliance that monitors our checkpoint setup as an OPSec application.

My plan so far is:

1. Ensure I have the correct IPSO image and patches, checkpoint version and patches, and license file for checkpiont to hand
2. At the agreed downtime window, confirm enforcement modules and console function correctly
3. Take a VMWare snap shot of the management console, powerdown the second Nokia appliance
3.5 Have very large and strong coffee and take deep breath
4. Apply Windows SP2 for 2K3 to management console, recheck functionality
5. Update the checkpoint products on the management console including the new license file
6. Check console to enforcement comms by pushing policy
7. Execute a backup of the Nokia through voyager interface and tftp to a safe location
8. Upgrade the IPSO image and apply any patches
9. Install checkpoint on the Nokia
10. Reconnect the updated Nokia and Checkpoint to the management console and push the policy
11. Check all functionality of updated appliance
11.5 Have another strong coffee
12. Repeat steps 6 to 11.5 for the second appliance
14. Check functionality of entire system
15. Ensure Symantec Sim still receives data

The process break points will be at steps 2,4,6,7 and 11 and the backout plan would be to rebuild the Nokia's using the backups taken and/or revert the management console via the VMWare snapshotting tool.

If step 15 fails, but the firewall system is fine then we would live with that until we fix the OPsec communications.

All feedback and comments welcome!!

Thank you,

Julian.
Reply With Quote
  #2 (permalink)  
Old 2007-11-09
Senior Member
  
Join Date: 2007-06-04
Posts: 1,071
Rep Power: 3
mcnallym has an average reputation (10+)
Default Re: Another upgrade question!!
What I would do is turn off the Check Point wrapper before upgrading the IPSO on the Nokia, upgrade the IPSO then clean install a new NGX wrapper to the upgraded IPSO.

Note that if you push a policy to an R55 Check Point from NGX Management Console then the VPN tunnels will fail until reset with the vpn tu or restart the Check Point.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 01:31.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0