CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 3 of 3

Thread: 4808 Gateway Upgrade to Gaia R77

  1. #1
    Join Date
    Rep Power

    Default 4808 Gateway Upgrade to Gaia R77

    I have finished upgrading our SMS to R77 Gaia from R75.40 Gaia to new hardware without any issues, have pushed policy to the R75.40 gateways, and have started to upgrade the 4808 gateway cluster. We are running VRRP and ClusterXL (sync only) on the gateway cluster boxes.
    I have upgraded the standby gateway to R77, disconnected the sync interface between the gateways and the new R7 gateway state now shows active. All traffic is running through the primary gateway member right now.

    Am I correct that because the gateway cluster members are not connected by the sync interface (different OS versions of the cluster members prevent the new R77 member from going to an Active state) that the active connection state will be lost when the upgrade starts on the primary firewall? Will the now standby gateway takeover as master once the upgrade starts even without the sync network connection between the gateways? Would it be better to force traffic to the current standby gateway before starting the upgrade of the primary?

    Thanks in advance for your assistance.

  2. #2
    Join Date
    Rep Power

    Default Re: 4808 Gateway Upgrade to Gaia R77

    You should always be upgrading your Standby Gateway first.

    Once that is upgraded then even if the Sync link is connected ( I never bother to disconnect it during the upgrade ) then as on different versions will not synch the connections, and so when you shutdown the Primary to make the upgraded one active then you will lose the Active connections.

    Personally I rebuild rather then upgrade Gateways

  3. #3
    Join Date
    Rep Power

    Default Re: 4808 Gateway Upgrade to Gaia R77

    Thanks for responding.

    Yes, I did upgrade the standby gateway first.

    Failover to the standby gateway was almost seamless - only dropped one ping and no there were no user disruptions.

    The upgrade of the primary gateway also completed normally. I rebooted the primary and reconnected the sync connection, observed failback to the primary, then pushed policy, and all is back to normal now. :)

    This was the first upgrade I've done on one of the 2012 appliances and I'm pleased it went well.

Similar Threads

  1. Replies: 1
    Last Post: 2014-04-28, 10:08
  2. Gateway Selection in E75.30 after Gateway Upgrade to R75.46
    By Hazmats in forum Endpoint Security Product (E80 and All That)
    Replies: 2
    Last Post: 2013-11-19, 03:30
  3. Eval install of GAiA R77 - activating software blades
    By acravens in forum Installing And Upgrading
    Replies: 2
    Last Post: 2013-11-05, 18:11
  4. Replies: 0
    Last Post: 2013-10-11, 09:25
  5. Delayed R60 gateway upgrade after mangement/gateway combo upgrade to R75
    By netstorm in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 3
    Last Post: 2012-01-05, 09:41


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts