CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 2 of 2

Thread: IPv6Pack zero downtime upgrade on R65 Cluster

  1. #1
    Join Date
    2012-11-08
    Posts
    1
    Rep Power
    0

    Default IPv6Pack zero downtime upgrade on R65 Cluster

    Hi,

    I am in the process of upgrading our checkpoint firewalls to support IPv6.

    We are running R65 with pairs of firewalls running ClusterXL. I know it is possible to perform a Zero Downtime / Full Connectivity Upgrade when upgrading to newer versions, but does this also apply to installing the IPv6Pack?

    I installed the IPv6Pack on one of the cluster's last week and when the first firewall came back online running the IPv6Pack the cluster stopped passing traffic. As soon as I installed the IPv6Pack on the 2nd cluster member, the cluster starting passing traffic again.

    I assume all cluster members must be running the exactly same version in order to function correctly and because one member was running the IPv6Pack and one wasn't, the cluster stopped processing traffic.

    Has anyone performed a Zero Downtime / Full Connectivity Upgrade with the IPv6Pack and R65? I have 2 more clusters to upgrade and these clusters have 24x7 production traffic passing through them, so we can't afford minutes of downtime while both cluster members are upgraded with the IPv6Pack.

  2. #2
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    857
    Rep Power
    15

    Default Re: IPv6Pack zero downtime upgrade on R65 Cluster

    I hate to be the barer of bad news, but upgrading R65 to IPv6pack was not a good idea. If you had an HFA higher than 40, then you have downgraded your boxes to HFA 40.

    Plus, the IPv6 support in the IPv6 pack is extremely primitive. No clustering, lots of layer 7 support missing etc.

    Pay your software subscription up and upgrade to GAIA. If it's been more then 4 years since your subscription has been paid, then it's likely it will be cheaper to buy new licenses.

Similar Threads

  1. Upgrading cluster firewall with ZERO downtime
    By cciesec2006 in forum Check Point SecurePlatform (SPLAT)
    Replies: 3
    Last Post: 2011-05-10, 23:08
  2. Upgrade NGX R65 Cluster XL to R70.
    By rcatanese in forum Installing And Upgrading
    Replies: 13
    Last Post: 2010-08-31, 14:07
  3. zero downtime upgrade in VRRP only scenario
    By Jhonnywalker in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2010-02-18, 00:49
  4. PB with zero downtime Upgrade on SPLAT
    By maxime in forum Installing And Upgrading
    Replies: 2
    Last Post: 2008-09-26, 05:42
  5. A cluster for zero downtime during an upgrade?
    By GordonCopestake in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 4
    Last Post: 2007-08-08, 02:56

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •