Upgrade

Side-by-Side Upgrade

Side-by-Side upgrade results in a new NVA Network Virtual Appliance - A resource deployed in Azure's Virtual Hub that includes Security Gateways and other networking infrastructure. with new Gateways deployed.

The IP addresses of the new Gateways are different from the old Gateways IP's.

Follow this procedure:

1. Deploy a new NVA in the Virtual Hub (with a public IP address if you need ingress traffic.).

2. Custom configurations adjustments (if required)

   • Configure the Security Gateways of the NVA with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.: Adjust the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. to include the new Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. IP.

   • If there is configuration on related machines, update them to use the updated IP (for example BGP settings).

3. If Ingress traffic is configured:

   1. Delete the configured ingress rules using CME API.

   2. Detach the public IP address from the old NVA SLB Software Load Balancer, used to distribute tenant and tenant customer network traffic to virtual network resources. SLB enables multiple servers to host the same workload, providing high availability and scalability.

   3. Attach the public IP address to the new NVA.

   4. Establish the load balancing and NSG rules.

   5. Confirm that the NAT rules are correctly aligned.

4. Install the policy on the new Security Gateways.

5. Navigate to the Virtual Hub and select Routing Intent and Routing Policies.

6. In Next Hop Resource select the new NVA instead of the previous NVA.