Question on upgrade from R61 to R65

[bill90039]

Running SecurePlatform (SPLAT) here.

I am going to be upgrading the SmartCenter server first from R61 to R65. I will upgrade my existing VPN-1 gateway server cluster at a later time. (I'm upgrading the SmartCenter server so that I can manage a new set of gateways which will be running R65.)

The upgrade instructions (patch add cd) says it will create a snapshot before the upgrade. It says that the snapshot will stop services (using cpstop).

I need to confirm that the snapshot/cpstop activity will only affect the SmartCenter server itself, and that the active gateways will not be affected.

While the SmartCenter is being upgraded, will the gateways queue up their logging entries locally for subsequent updating into the SmartTracker (on the SmartCenter server) or will I lose gateway logging activity while the SmartCenter is being upgraded?

Hope these questions make sense.

Thanks,
Bill

[melipla]

All very good questions.

The gateways will log locally to their $FWDIR/log directories. I think you have to "pull" them into the smartcenter afterwards if you want the logs to reside centrally, but I've only read about this [see "fw log" from CLI].

The snapshot will only affect services on the smartcenter. It will not stop services on other gateways. If you have any edge devices, be sure to push out a policy to them after you've upgraded the smartcenter server.

HTH

[hotice_]

Logs are indeed stored locally as soon as it detects that it cannot send to the SCS.

It will attempt to "repush" the logs for a certain period of time (half hour?) and then just store it locally.

After you've recovered connectivity between the enforcement point and the SCS, you'll have to push the policy for it to start sending logs home again. To recover the gap in between in the logs, you'll have to fetch the logs from the SCS and then merge it to your current log files...