Upgrading with platform change

[rewind]

Guys,

I have to upgrade/reinstall a CP Firewall.

The original system is a Windows system, gateway and SmartCenter on the same system, Checkpoint version is NG R55.

The destination system is two NOKIA IP 290 in a cluster, the Nokias came preloaded with IPSO 4.2 BLD 042 and Checkpoint NGX R65. The SmartCenter should go to a Windows server.

I am doing a test installation right now and I think I have done the VRRP configuration on the IPSO side right.

I have now installed a Windows testserver for the SmartCenter and wanted to import an upgrade_export file from the original system. This failed with the following message:

- To upgrade to NGX R65, YOU MUST FIRST upgrade licenses for all NG products.
- NGX R65 with licenses from NG or prior to NG version WILL NOT FUNCTION.
- The license upgrade process gathers all the licenses from this machine, sends
them in SSL encrypted format to the User Center, gets the upgraded licenses and
installs them on the machine.
- The license upgrade process on the SmartCenter Server also handles gateway
licenses in the license repository.
- After the software upgrade, open SmartUpdate and attach the new NGX licenses
to the gateways.
- To simulate the license upgrade, quit the installation, run the license upgrade
utility (located on the CD at <OS>\license_upgrade), and select the Simulate option.
- For more details, see the License Upgrade chapter of the Upgrade Guide (located
on the CD and at the Check Point Download site).


I have a CD that does not contain this software nor could I find this software on the checkpoint site. This test installation has no internet connection. Could someone please provide me with a working link for the upgrade guide into the Check Point Download site or tell me what I have to do?

I am also very unsure if what I want to do (the upgrade_export / upgrade_import) is the right way for this installation. If I change the OS for the gateways, a lot of network objects, e.g. the names of network interfaces will not be right (different naming conventions). Will I be able to correct this afterwards?

Thanks,
rewind

[Yasushi Kono]

Hi,
sorry for my bad English skills.

I cannot provide you with the IPSO version of R65 at the moment as my copy located on a Nokia IP 260 seem to be corrupt. I know Nokia well, just to let you know that I am not a beginner.

upgrade_export is the right tool. You have to install R65 from the scratch on you Nokia boxes on top of IPSO 4.2.
So, upgrade_import your exported configuration onto a test environment to make sure that your config is fine. Afterwards, you have to strip off the gateway portion to get a SmartCenter only system. You have to install R65 on Nokia from scratch, configure SIC between SmartCenter and Nokia IP. Then, you have to configure VRRP on top of IPSO and create a cluster object in SmartDashboard. That's it.

For upgrade_import/export it does not matter if you are going to change the operating system.

Kind regards,
Yasushi

[chillyjim]

Quote:

Originally Posted by rewind

I have a CD that does not contain this software nor could I find this software on the checkpoint site. This test installation has no internet connection. Could someone please provide me with a working link for the upgrade guide into the Check Point Download site or tell me what I have to do?

I am also very unsure if what I want to do (the upgrade_export / upgrade_import) is the right way for this installation. If I change the OS for the gateways, a lot of network objects, e.g. the names of network interfaces will not be right (different naming conventions). Will I be able to correct this afterwards?

Thanks,
rewind

1. You may upgrade licenses manually from usercenter.checkpoint.com
2. Yes upgrade/export is the right way
2b. Yes you can fix anything latter.

[cgit01]

I'm not an expert, but am going through a similar process.

The tool you are looking for is called license_upgrade.exe

It can be downloaded from

https://supportcenter.checkpoint.com...nter/index.jsp

Just put license_upgrade.exe in the search string. This tool requires internet access and a valid user center account in order to run. It also has several options which include the ability to simulate the license upgrade.

As stated by others, you can access all of your licenses through the user center and manually move them to your system.

You would do this by logging into the user center and selecting your products tab. You can then upgrade your licenses to NGX and download them through the "Get License File" action. You can then add these licenses on your Smart Center via sneakernet if you don't have the system on a network.

One comment on the use of upgrade_export.exe and upgrade_import.exe.

In my current upgrade (trial-by-fire-learning-experience) I found these utilities to work best if the machines have the same version of Checkpoint and the same HFA levels. I cannot say if you can export from an R55 system and import it into R65 system without error. Perhaps those with more experience than I have can elaborate on this.


Hope this helps.