CloudGuard VMSS Solution Upgrade
This section provides instructions for upgrading an already deployed CloudGuard VMSS solution.
The upgrade procedure includes these steps:
-
Deploying a new version of the CloudGuard VMSS solution alongside the older version (a side-by-side upgrade).
-
Reconfiguring Azure resources and Check Point configuration to use this new version of the CloudGuard VMSS solution.
Note - This procedure includes a connection draining mechanism which allows in-flight sessions to complete gracefully before de-allocating Virtual Machines. This ensures continuous service availability and supports zero-downtime deployments during instance scale-in, maintenance, or updates.
-
Deleting the older version of the CloudGuard VMSS solution.
|
Note:
|
Terms:
-
Source - The original template and solution (with the lower version)
-
Target - The new template and solution (with the higher version)

Step |
Description |
||
---|---|---|---|
1 |
Log in to the Azure portal. |
||
2 |
Open the resource group of the source CloudGuard VMSS solution. |
||
3 |
For the External Load Balancer ("frontend-lb") and the Internal Load Balancer ("backend-lb"):
|
||
4 |
Deploy a target CloudGuard VMSS solution from the Azure Marketplace. To do this:
|
||
5 |
Configure the CME template. For this, run:
|
||
6 |
Wait for provisioning to complete and for the policy to install on the new CloudGuard VMSS instances. |
||
7 |
Make sure the new Security Gateway |
||
8 |
Drain connections from source CloudGuard VMSS instances. For that:
|
||
9 |
Monitor traffic drain with this command:
Wait until the number of active connections decreases significantly.
|
||
10 |
Shut down the source CloudGuard VMSS and make sure that traffic flows correctly. For that:
|
||
11 |
Delete the CME template of the source CloudGuard VMSS. For this, run:
|
||
12 |
Delete the corresponding VMSS resource.
|