top of page
This site was designed with the
.com
website builder. Create your website today.Start Now

VSX Upgrade R77.30 to R80.30

Summary:

Step 1. Take a snapshot of management server or MDS server

Step 2. Upgrade object for the management of VSX firewall

Step 3. Backup VSX firewalls

Step 4. Upgrade CPUSE

Step 5. Upload and verify upgrade files

Step 6. Upgrade and install jumbo hotfix

Details:

​

Step 1. Take a snapshot of management server or MDS server

​

Step 2. Upgrade object for the management of VSX firewall

​

             Run this on the management server and follow the screen prompt: vsx_util upgrade

​

Step 3. Backup VSX firewalls (also keep a copy of "show configuration")

​

           See: R77 Gaia Admin Guide, search for "System Configuration Backup"

​

            Main SK: sk100395

​

Step 4. Upgrade CPUSE

​

          Download the latest CPUSE from sk92449

​

          Note: if running a version below DeploymentAgent version 802, you will need to manually install the Deployment agent.     

 

          Follow the links:

                 https://checkpointengineer.com/install-gaia-cpuse-deployment-agent/

                                                     And

                 http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html

​

                             tar -zxvf DeploymentAgent_000001865_1.tgz

                         rpm -Uhv --force CPda-00-00.i386.rpm

                         killall -v clish clishd

                         $DADIR/bin/dastart

​

Step 5. Upload and verify upgrade files

​

https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=84065

 

                     installer import local /var/tmp/Check_Point_R80.30_T200_Fresh_Install_and_Upgrade_Security_Gateway.tgz

                    show installer packages

                    installer verify [tab]

                    installer verify 1

​

Step 6. Upgrade and install jumbo hotfix

​

Main SK: https://community.checkpoint.com/t5/General-Management-Topics/R77-30-VSX-appliance-upgrade-to-R80-10/td-p/5838

 

6.1 upgrade the standby first

  • installer upgrade [package_number]

  • Once the firewall reboots, run "fw ver"

  • On the upgraded member, run: cphaprob state

  • Make sure that this cluster member is in the Ready state.

  • On the cluster member that still runs the previous version, run: cphaprob state

  • Make sure that this cluster member is in Active or Active Attention state, and that the upgraded member is in Down state.

 

6.2 install jumbo hotfix on the secondary firewall

 

  • Install jumbo hotfix (note, you will need to transfer the hotfix file after upgrade because it removes all files during upgrade)

  • installer import local /var/tmp/Check_Point_R80_30_JUMBO_HF_Bundle_T155_sk153152_Security_Gateway_and_Standalone_2_6_18_FULL.tgz

  • Installer verify [jumbo_hotfix_package_number]

  • Installer install [jumbo_hotfix_package_number]

 

6.3 upgrade the primary firewall

 

  • On the cluster member that still runs the previous version, run:

            vsenv 0

        fwaccel off -a

        fwaccel stat -a

 

  • On the upgraded cluster member, run: cphaprob state

    • Make sure this cluster member is in Active state and taking traffic

    • Make sure the cluster policy and vsx policy are still attached

    • Check firewall logs and/or ask customer to test

 

  • Failover the firewall cpstop (this will fail over the firewalls)

 

  • If everything looks good, repeat 5.1 and 5.2 to upgrade the primary firewall and install jumbo hotfix

 

6.4 failover the traffic back to the primary firewall

 

6.5 push policy to both cluster and vsx firewalls

​

​

​

​

​

bottom of page