CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Upgrading Gaia R77 to R77.30 Advise

  1. #1
    Join Date
    2015-11-05
    Posts
    4
    Rep Power
    0

    Default Upgrading Gaia R77 to R77.30 Advise

    Hi Everyone,

    Any advise on upgrading Gaia R77 to R77.30?
    My inherited environment consists of one security management server VM running Gaia R77 (distributed deployment). This SMS is managing two 12400 appliance running Gaia R77 (configured in ClusterXL HA mode).
    So far I've read the Installation and upgrade guide for Gaia platforms and R77.30 release notes. However I need some more advise.
    My upgrade plans are:
    1. Upgrade the SMS to R77.30 either via Software Updates web interface or Clish (which one is the best? will the upgrade keeps any custom config files?)
    2. Upgrade the standby 12400 appliance to R77.30 (planning to use ClusterXL High Availability with Connectivity Upgrade procedure). Push the policies from SMS.
    3. Fail over the active appliance to standby then upgrade it to R77.30
    4. Push policies to both appliances.

    My questions are:
    1. After I upgraded my SMS to R77.30, can it manages the appliances running Gaia R77 (if I don't upgrade the appliances at the same time)?
    2. What is the best method to upgrade the appliances in case there are custom config files? via Gaia Software Update or Clish?
    3. Do I need to run migrate export tools to backup the config of the SMS and 12400 appliances then restore them to the new R77.30? or the backup from the Gaia portal is sufficient to restore?
    4. What happen to existing end user VPN connections during appliance upgrade (planning to use ClusterXL High Availability with Connectivity Upgrade procedure)? disconnected or the other appliance takes over the connection?

    Thanks heaps for the help and assistance.

    Wang

  2. #2
    Join Date
    2007-06-04
    Posts
    3,247
    Rep Power
    15

    Default Re: Upgrading Gaia R77 to R77.30 Advise

    Responses underlined

    Quote Originally Posted by WangL View Post
    Hi Everyone,

    Any advise on upgrading Gaia R77 to R77.30?
    My inherited environment consists of one security management server VM running Gaia R77 (distributed deployment). This SMS is managing two 12400 appliance running Gaia R77 (configured in ClusterXL HA mode).
    So far I've read the Installation and upgrade guide for Gaia platforms and R77.30 release notes. However I need some more advise.
    My upgrade plans are:
    1. Upgrade the SMS to R77.30 either via Software Updates web interface or Clish (which one is the best? will the upgrade keeps any custom config files?)
    2. Upgrade the standby 12400 appliance to R77.30 (planning to use ClusterXL High Availability with Connectivity Upgrade procedure). Push the policies from SMS.
    3. Fail over the active appliance to standby then upgrade it to R77.30
    4. Push policies to both appliances.

    My questions are:
    1. After I upgraded my SMS to R77.30, can it manages the appliances running Gaia R77 (if I don't upgrade the appliances at the same time)?
    R77.30 can manage all the way back to R65 Gateways, and should keep custom files, R77 and R77.30 use same files so shouldn't be a problem


    2. What is the best method to upgrade the appliances in case there are custom config files? via Gaia Software Update or Clish?
    Personally like using Gaia Software Update - as usual though make backups of the system before hand ( which should do whichever way is done )

    3. Do I need to run migrate export tools to backup the config of the SMS and 12400 appliances then restore them to the new R77.30? or the backup from the Gaia portal is sufficient to restore?
    The migrate export will take a backup, but is only for the SMS, no need to restore after the upgrade unless planning an Advanced Upgrade ( would recommend ) as in build a new VM to Gaia R77.30 with the same IP/Hostname export from R77 and import into R77.30. No need to restore configuration after the upgrade of the Gateways

    4. What happen to existing end user VPN connections during appliance upgrade (planning to use ClusterXL High Availability with Connectivity Upgrade procedure)? disconnected or the other appliance takes over the connection?
    VPN's SHOULD swapover to the active unit if doing the Full Connectivity Upgrade however I normally suggest a maintenance window so people expect an outage if it occurs. Remember if plan a 10-15 minute break and it isn't needed you are a Hero. If you don't and is a 1 minute break you are vilified as taking the connection out.

    Thanks heaps for the help and assistance.

    Wang

  3. #3
    Join Date
    2015-11-05
    Posts
    4
    Rep Power
    0

    Default Re: Upgrading Gaia R77 to R77.30 Advise

    Upgrade from R77 to R77.30 completed successful.

    One thing to watch out after the upgrade is you may need to reconfigure your DHCP relay rules - see https://supportcenter.checkpoint.com...tionid=sk98839

    Thanks,
    Sudomo
    Last edited by WangL; 2016-02-12 at 03:22.

Similar Threads

  1. .rpm error while upgrading from IPSO to GAIA
    By clickmesri in forum R75.40 (GAiA)
    Replies: 1
    Last Post: 2013-11-25, 05:24
  2. upgrading to R76 Gaia
    By r_balest in forum R75.40 (GAiA)
    Replies: 8
    Last Post: 2013-10-07, 07:47
  3. Need Advise for HA
    By bhuraque in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 0
    Last Post: 2013-04-12, 02:56
  4. SNMP does not work after upgrading to R75.40VS GAIA
    By archie100 in forum R75.40 (GAiA)
    Replies: 0
    Last Post: 2013-03-08, 16:43
  5. problems with upgrading ipso to gaia
    By johan in forum R75.40 (GAiA)
    Replies: 1
    Last Post: 2012-08-17, 12:00

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •