Thursday, September 2, 2010

How to upgrade CheckPoint from R61 to R65

This entry provides the steps for performing an upgrade (R61 to R65) on a CheckPoint cluster and applying the HFA02 hot fix.  This assumes the upgrade files (R65.iso and hfa02.tgz) have been copied to /var/tmp/R65 on both boxes.


Prior to beginning, create a SPLAT backup and snapshot (commands are "backup" and "snapshot"), and copy them off the box for safekeeping.


Here is the procedure for the upgrade:


1)  Log in to Dashboard and change the version of the Cluster firewall object to R65.  Save and perform an install database (do not push policy)!
2)  Select the backup firewall first and perform a cphastop and cpstop.
3)  Mount the ISO:

  • cd /var/tmp/R65
  • mount -o loop  R65_CD1.iso /mnt/cdrom
  • patch add cd

Choose a patch to install:
1) SecurePlatform NGX R65 Upgrade Package (CPspupgrade_R65.tgz)
2) Exit


Your choice: 1


Calculating the MD5 checksum of the package.
The MD5 checksum is: 67d9c047965fe71da7b93939becd1da0
Is that right (Y/N)? y
------------------------------------------------------------------------------------------
Upgrade program will now upgrade your system. This process may take several minutes ..

  • *click n*
  • *click n*

Do you accept all the terms of this license agreement (Yes/Exit) ?: Click Y for yes


Please select the SmartCenter upgrade option
1 (*) Upgrade
2 ( ) Export SmartCenter configuration
3 ( ) Perform pre-upgrade verification only

  • *click n*

Please specify one of the following upgrade options:
1 (*) Upgrade installed products
2 ( ) Upgrade installed products and install new products

  • *click n*

You have selected the following products for installation:
* Primary SmartCenter


*click n*
*click n*
*click n*


The upgrade process requires a valid support contract.
1 ( ) Download contract information from User Center
2 ( ) Import a local service contract file
3 (*) Continue without contract information (download later using SmartUpdate)

  • *click n*

Your gateway is not eligible for upgrade.
Please remember to download contract information later using SmartUpdate.


Please select the source of the upgrade utilities.
The most up-to-date upgrade utilities are located at Check Point's website


1 ( ) Download most updated files from Check Point's website (recommended)
2 (*) Use the upgrade files from the CD

  • *click n*

The pre-Upgrade Verification was completed successfully.
Your configuration is ready for upgrade.

  • Click o for ok

Upgrade of Check Point products has been successfully completed.
Installation finished successfully


Please remove Check Point CD from the CDROM drive.
Upgrade files completed successfully.


-------------------------------------------------------------------
In order to complete the upgrade process please reboot your system!
-------------------------------------------------------------------
Patch installed successfully.
[Expert@firewall]# reboot
--------------------------------------------------------------------


Upon reboot, perform the following:
1) fw ver  (should be R65)
2) fw stat  (should be initial policy)
3) cphaprob stat  (it should not be taking traffic; it should just say ready)


Before pushing policy, we need to patch the firewall with HFA02.
Reboot, then check the following again:


1) fw ver  (should be R65)
2) fw stat  (should be initial policy)
3) cphaprob stat  (it should not be taking traffic; it should just say ready)
4) Push policy (use the setting that will push policy even if it fails, as one of the devices is still running the older fw version).
5) Once policy is successfully installed, run:

  • fw stat (on the new cluster member, to validate that policy is installed)
  • cphaprob stat (make sure it is at 100% active)
  • Jump on the active/primary fw and run:
  • cphastop
  • cpstop
  • Get back on primary and run cphaprob to make sure your newly upgraded server is taking connections.

Repeat on active/primary
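
The three post-reboot checks (fw ver, fw stat, cphaprob stat) can be scripted as a gate before the policy push in step 4. This is an added example, not part of the original post: the function names are hypothetical, the sample outputs are constructed, and the `InitialPolicy` name and the column layout of `fw stat` and `cphaprob stat` are assumptions to confirm on your build.

```shell
#!/bin/bash
# Added example. The sample outputs are constructed; the exact banner text
# and column layout are assumptions, so adjust the parsers if yours differ.
SAMPLE_FW_VER='This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) - Build 001'
SAMPLE_FW_STAT='HOST      POLICY        DATE
localhost InitialPolicy 2Sep2010 10:15:02 :  [>eth0] [<eth0]'
SAMPLE_CPHAPROB='Cluster Mode:   New High Availability (Active Up)

Number     Unique Address  Assigned Load   State

1          10.0.0.1        100%            Active
2 (local)  10.0.0.2        0%              Ready'

# Policy name: second column of the first non-empty row after the HOST header.
installed_policy() { awk 'hdr && NF { print $2; exit } $1 == "HOST" { hdr = 1 }'; }

# HA state of this member: last field of the row tagged "(local)".
local_ha_state() { awk '/\(local\)/ { print $NF; exit }'; }

# Succeed only if version, policy and HA state all match what the procedure
# expects on the upgraded member before policy is pushed.
# usage: pre_push_gate <expected_ver> <fw ver out> <fw stat out> <cphaprob stat out>
pre_push_gate() {
    local want="$1" ver="$2" stat="$3" ha="$4" rc=0 policy state
    policy=$(printf '%s\n' "$stat" | installed_policy)
    state=$(printf '%s\n' "$ha" | local_ha_state)
    printf '%s\n' "$ver" | grep -qw "$want" ||
        { echo "FAIL: version is not $want"; rc=1; }
    [ "$policy" = "InitialPolicy" ] ||
        { echo "FAIL: policy is '$policy', expected InitialPolicy"; rc=1; }
    [ "$state" = "Ready" ] ||
        { echo "FAIL: local HA state is '$state', expected Ready"; rc=1; }
    return $rc
}

# On the box: pre_push_gate R65 "$(fw ver)" "$(fw stat)" "$(cphaprob stat)"
pre_push_gate R65 "$SAMPLE_FW_VER" "$SAMPLE_FW_STAT" "$SAMPLE_CPHAPROB" &&
    echo "OK to push policy"
```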
