Upgrading Security Management Server and Security Gateways

Upgrading Standalone

This section explains how to upgrade a standalone (Security Management Server and Security Gateway installed on one appliance or computer). A Security Management Server upgraded to R76 can enforce and manage gateways from earlier versions. Some new features are not available on earlier versions (see the "Compatibility Tables" in the Release Notes).

Upgrading Standalone Appliances

You can upgrade a Standalone deployment on UTM-1 appliances, certain 2012 Models, and IP appliances.

UTM-1 and 2012 Models

When you upgrade the Check Point release version on the appliance you can also upgrade from SecurePlatform to Gaia. Alternatively, you can upgrade Check Point release version and stay with the SecurePlatform operating system.

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

To upgrade using an ISO image on a DVD:

Download the Gaia ISO image from the Check Point Support Center.
Check_Point_Install_and_Upgrade_R76.Gaia.iso
Burn the ISO file on a DVD.
Connect an external DVD drive to a USB socket on the appliance or computer.
Run
upgrade cd
You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
The upgrade takes place.
After the upgrade, before rebooting, remove the DVD from the drive.
Type OK to reboot.

SecurePlatform to Gaia

Note - When upgrading from SecurePlatform to Gaia, the size of the disk partitions does not change. To have larger disk partitions, you need to do a clean installation of Gaia.

You can upgrade from the SecurePlatform operating system to the Gaia operating system.

To upgrade a SecurePlatform appliance:

Upgrade product licenses to R75 or higher, and attach the licenses to the appliance.
Download the appliance upgrade package.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the SecurePlatform appliance from a Web browser to https://<appliance_ip_address>.
In the login page, enter an administrator username and password.
Go to the Upgrade page.
Upload the appliance upgrade package to the appliance.
Ignore any warning messages.
Continue according to the on-screen instructions.
After the upgrade is complete, the appliance boots to Gaia.

Note - The connection to the SecurePlatform WebUI closes after Gaia is installed.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

If the Gaia appliance has more than 4 GB of memory, it automatically boots to the 64-bit edition. Otherwise, it boots to the 32-bit edition.

If you upgrade and the appliance has more than 4 GB, the appliance boots to the 32-bit edition. You can configure Gaia to automatically boot to the 64-bit edition.

To configure Gaia to automatically boot to the 64-bit edition:

Run set edition default 64-bit
Run save config
Reboot

Note - The appliance must have at least 6 GB of memory for this to work.

To see which edition is running:

Go to the WebUI System Overview pane. The edition shows in the System Overview widget.
or
Run: show version os edition

SecurePlatform to SecurePlatform

Use the WebUI of the appliance to upgrade Standalone UTM-1 and 2012 Model appliances.

To upgrade appliances using the WebUI:

Open Internet Explorer and log in to the appliance.
Select Appliance > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 upload package file.
In the WebUI, click Upload upgrade package to appliance.
The Upload Package to Appliance window opens.
Select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.SecurePlatform.tgz
Click Upload.
Click Start Upgrade.
Before the upgrade begins, an image is created of the system and is used to revert to in the event the upgrade is not successful.
The Save an Image before Upgrade page, displays the image information.

Click Next.
In the Safe Upgrade section, select Safe upgrade to require a successful login after the upgrade is complete. If no login takes place within the configured amount of time, the system will revert to the saved image.
Click Next.
The Current Upgrade File on Appliance section displays the information of the current upgrade.
To begin the upgrade, click Start.

IP Appliances

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

IPSO to IPSO

For IPSO requirements see the R76 Release Notes.

To upgrade to R76 on IPSO:

Upgrade to IPSO 6.2 MR4. See the IPSO 6.2 MR4 Release Notes.
Upgrade to R76 for IPSO.

Upgrading Standalone Open Servers

Before you upgrade:

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

To upgrade using an ISO image on a DVD:

Download the Gaia ISO image from the Check Point Support Center.
Check_Point_Install_and_Upgrade_R76.Gaia.iso
Burn the ISO file on a DVD.
Connect an external DVD drive to a USB socket on the appliance or computer.
Run
upgrade cd
You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
The upgrade takes place.
After the upgrade, before rebooting, remove the DVD from the drive.
Type OK to reboot.

SecurePlatform to Gaia

Use this procedure to upgrade a SecurePlatform computer on to a Gaia computer. Upgrade the operating system and the installed products.

Note - When upgrading from SecurePlatform to Gaia, the size of the disk partitions does not change. To have larger disk partitions, you need to do a clean installation of Gaia.

To upgrade an open server using the DVD:

Upgrade your product licenses to R75 or higher, and attach the licenses to the Security Gateway or standalone server.
Insert the R76 DVD into the drive.
At the command prompt, enter: patch add cd
Select the Gaia upgrade package.
Confirm the MD5 checksum.
If relevant, when prompted, create a backup image for automatic revert.
After extracting files, the Installation program opens.
Accept the license agreement.
Select upgrade.
Configure your contract options.
You can also continue without contract information and configure it later using SmartUpdate.
Select a source for the upgrade utilities.
Wait for the pre-upgrade verifier to complete successfully.
Select Stop Check Point processes.
Select Upgrade installed products, or upgrade installed products and add new products, and confirm.
Wait while the required installation files are extracted.
1. Part one of the upgrade procedure saves data and upgrades the operating system.
2. Part two upgrades Check Point products.
After the upgrade completes successfully, remove the DVD from the drive.
Reboot when prompted.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

To upgrade a SecurePlatform Open Server using the WebUI:

Open Internet Explorer and log in to the SecurePlatform WebUI.
Select Device > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 file for upgrades via the WebUI.
Click Browse and select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Click Upload package to device.
The package is uploaded to the SecurePlatform computer.

After the Upgrade Status shows that the Uploading is Completed you can start the upgrade.
Recommended: In the Safe Upgrade section, click Save snapshot of the current system before the upgrade. The snapshot is used to revert the system if the upgrade is not successful.
Click Start Upgrade.
Follow the Upgrade Status. After the upgrade, the computer automatically reboots.

Note - The connection to the SecurePlatform WebUI closes after Gaia is installed.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

SecurePlatform to SecurePlatform

Use this procedure to upgrade a SecurePlatform installation on the same computer. Upgrade the operating system and the installed products.

To upgrade a SecurePlatform Open Server using a DVD:

Insert R76 DVD into the drive.
At the command prompt, enter: patch add cd
Select SecurePlatform R76 Upgrade Package
Check_Point_Install_and_Upgrade_R76.SecurePlatform_Open_Server.iso
Press y to accept the checksum calculation.
Optional: When prompted, create a backup image so that you can restore the old version.

Note - Creating the snapshot image can take a long time. Check Point products are stopped during this time.
Press N at the welcome message.
Press Y to accept the license agreement.
In the next window, select Upgrade and then press N.
In the next window, press N to continue.
If prompted to download or import a valid support contract, select Continue without contract information. Press N to continue.
If a message shows that says your gateway is not eligible for upgrade, press N to continue.
You can safely ignore this message and use SmartUpdate to update your service contract later.
In the next window, select Download most updated files.
In the Pre-Upgrade Verification Results window, press N to continue.
If the Pre-Upgrade Verification fails, do the suggested steps to correct the problem. Start this procedure again from step 2.
When prompted, select Stop Check Point processes and press N to continue.
When prompted, select Upgrade installed products and press N to continue.
In the Validation window, press N.
When the upgrade completes successfully, restart the computer.

To upgrade a SecurePlatform Open Server using the WebUI:

Open Internet Explorer and log in to the SecurePlatform WebUI.
Select Device > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 file for upgrades via the WebUI.
Click Browse and select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.SecurePlatform.tgz
Click Upload package to device.
The package is uploaded to the SecurePlatform computer.

After the Upgrade Status shows that the Uploading is Completed you can start the upgrade.
Recommended: In the Safe Upgrade section, click Save snapshot of the current system before the upgrade. The snapshot is used to revert the system if the upgrade is not successful.
Your browser will automatically try to perform the first login immediately after the upgrade. To allow this, do not close the browser window or browse to another page.
Click Start Upgrade.
Follow the Upgrade Status. After the upgrade, the computer automatically reboots.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

Windows to Windows

Use this procedure to upgrade a Windows installation on the computer. Upgrade the installed products.

To upgrade a Windows standalone computer:

Insert the R76 DVD into the drive. The Installation Wizard starts automatically.
If the wizard does not start automatically, manually run setup.exe from the DVD drive.
Click Next at the welcome message.
Accept the license agreement and click Next.
Select Upgrade and click Next.
On the next screen, click Next.
If prompted to download or import a valid support contract, select Continue without contract information. Click Next to continue.
If a message shows that says your gateway is not eligible for upgrade.
You can safely ignore this message and use SmartUpdate to update your service contract later. Click Next.
Select Download most updated files and click Next.
In the Pre-Upgrade Verification Results window, click Next.
If the Pre-Upgrade Verification fails, do the suggested steps to correct the problem. Start this procedure again from step 2.
When prompted to add new products, clear Add new products and then click Next.
You can add new products at a later time.
Click Next at the confirmation message.
When the installation completes successfully, click Finish.
When prompted, restart the computer.

Upgrading the Security Management Server

You do not have to upgrade the Security Management server and all of the gateways at the same time. When the Security Management server is upgraded, you can still manage gateways from earlier versions (though the gateways may not support new features).

Important - To upgrade to R76 Gaia, make sure there is enough free disk space in /var/log. See the R76 Release Notes.

Use the Pre-Upgrade Verification tool to reduce the risk of incompatibility with your existing environment. The Pre-Upgrade Verification tool generates a detailed report of the actions to take before an upgrade.

There are different upgrade methods for the Security Management server:

Upgrade Production Security Management server
Migrate and Upgrade to a New Security Management server

Important - After upgrade, you cannot restore a version with a database revision that was made with the old version. You can see old version database saves in Read-Only mode.

Upgrading Security Management Server on Appliances

You can upgrade a Security Management server on some Smart-1 appliances, 2012 Models and open servers.

Smart-1 and 2012 Models

You can upgrade a 2012 Model appliance from SecurePlatform to Gaia, or you can upgrade the SecurePlatform version.

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

To upgrade using an ISO image on a DVD:

Download the Gaia ISO image from the Check Point Support Center.
Check_Point_Install_and_Upgrade_R76.Gaia.iso
Burn the ISO file on a DVD.
Connect an external DVD drive to a USB socket on the appliance or computer.
Run
upgrade cd
You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
The upgrade takes place.
After the upgrade, before rebooting, remove the DVD from the drive.
Type OK to reboot.

SecurePlatform to Gaia

Note - When upgrading from SecurePlatform to Gaia, the size of the disk partitions does not change. To have larger disk partitions, you need to do a clean installation of Gaia.

You can upgrade from the SecurePlatform operating system to the Gaia operating system.

To upgrade a SecurePlatform appliance:

Upgrade product licenses to R75 or higher, and attach the licenses to the appliance.
Download the appliance upgrade package.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the SecurePlatform appliance from a Web browser to https://<appliance_ip_address>.
In the login page, enter an administrator username and password.
Go to the Upgrade page.
Upload the appliance upgrade package to the appliance.
Ignore any warning messages.
Continue according to the on-screen instructions.
After the upgrade is complete, the appliance boots to Gaia.

Note - The connection to the SecurePlatform WebUI closes after Gaia is installed.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

SecurePlatform to SecurePlatform

Use the WebUI of the appliance to upgrade Security Management server Smart-1 and 2012 Model appliances.

To upgrade appliances using the WebUI:

Open Internet Explorer and log in to the appliance.
Select Appliance > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 upload package file.
In the WebUI, click Upload upgrade package to appliance.
The Upload Package to Appliance window opens.
Select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.SecurePlatform.tgz
Click Upload.
Click Start Upgrade.
Before the upgrade begins, an image is created of the system and is used to revert to in the event the upgrade is not successful.
The Save an Image before Upgrade page, displays the image information.

Click Next.
In the Safe Upgrade section, select Safe upgrade to require a successful login after the upgrade is complete. If no login takes place within the configured amount of time, the system will revert to the saved image.
Click Next.
The Current Upgrade File on Appliance section displays the information of the current upgrade.
To begin the upgrade, click Start.

Upgrading Security Management Server on Open Servers

A Security Management server on any computer that meets the minimum requirements can be upgraded. You can upgrade from SecurePlatform to Gaia, or you can upgrade the SecurePlatform version. On a Windows Security Management server, you can upgrade the installed Check Point products.

Before you upgrade:

It is recommended to back up your current configuration.

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

To upgrade using an ISO image on a DVD:

Download the Gaia ISO image from the Check Point Support Center.
Check_Point_Install_and_Upgrade_R76.Gaia.iso
Burn the ISO file on a DVD.
Connect an external DVD drive to a USB socket on the appliance or computer.
Run
upgrade cd
You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
The pre-upgrade verifier runs. The output is stored in a text file at /tmp/pre_upgrade_out.txt.
If you see the error: "Pre-upgrade verification failed" we recommend that you review the file, fix the problems, and restart the upgrade. Do not take another system snapshot.
You are asked if you want to start the upgrade. Select Yes.
The upgrade takes place.
After the upgrade, before rebooting, remove the DVD from the drive.
Type OK to reboot.

SecurePlatform to Gaia

Use this procedure to upgrade the SecurePlatform operating system to Gaia, and to upgrade the installed products.

Note - When upgrading from SecurePlatform to Gaia, the size of the disk partitions does not change. To have larger disk partitions, you need to do a clean installation of Gaia.

To upgrade Security Management Server on Gaia open servers:

Upgrade product licenses to R75 or higher, and attach the licenses to the appliance.
Connect a DVD drive to the USB port on the computer.
Run: patch add cd
Select the Gaia upgrade package.
Confirm the MD5 checksum.
When prompted, create a backup image for automatic revert.
After extracting files, the Installation program opens.
Accept the license agreement.
Select upgrade.
Configure your contract options.
You can also continue without contract information and configure it later using SmartUpdate.
Select a source for the upgrade utilities.
Wait for the pre-upgrade verifier to complete successfully.
Select Stop Check Point processes.
Select Upgrade installed products, or upgrade installed products and add new products, and confirm.
Wait while the required installation files are extracted.
1. Part one of the upgrade procedure saves data and upgrades the operating system.
2. Part two upgrades Check Point products.
After the upgrade completes successfully, remove the DVD from the drive.
Restart when prompted.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

To upgrade a SecurePlatform Open Server using the WebUI:

Open Internet Explorer and log in to the SecurePlatform WebUI.
Select Device > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 file for upgrades via the WebUI.
Click Browse and select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Click Upload package to device.
The package is uploaded to the SecurePlatform computer.

After the Upgrade Status shows that the Uploading is Completed you can start the upgrade.
Recommended: In the Safe Upgrade section, click Save snapshot of the current system before the upgrade. The snapshot is used to revert the system if the upgrade is not successful.
Click Start Upgrade.
Follow the Upgrade Status. After the upgrade, the computer automatically reboots.

Note - The connection to the SecurePlatform WebUI closes after Gaia is installed.

SecurePlatform to SecurePlatform

Use this procedure to upgrade a SecurePlatform installation on the same computer. Upgrade the operating system and the installed products.

To upgrade a SecurePlatform Open Server using a DVD:

Insert R76 DVD into the drive.
At the command prompt, enter: patch add cd
Select SecurePlatform R76 Upgrade Package
Check_Point_Install_and_Upgrade_R76.SecurePlatform_Open_Server.iso
Press y to accept the checksum calculation.
Optional: When prompted, create a backup image so that you can restore the old version.

Note - Creating the snapshot image can take a long time. Check Point products are stopped during this time.
Press N at the welcome message.
Press Y to accept the license agreement.
In the next window, select Upgrade and then press N.
In the next window, press N to continue.
If prompted to download or import a valid support contract, select Continue without contract information. Press N to continue.
If a message shows that says your gateway is not eligible for upgrade, press N to continue.
You can safely ignore this message and use SmartUpdate to update your service contract later.
In the next window, select Download most updated files.
In the Pre-Upgrade Verification Results window, press N to continue.
If the Pre-Upgrade Verification fails, do the suggested steps to correct the problem. Start this procedure again from step 2.
When prompted, select Stop Check Point processes and press N to continue.
When prompted, select Upgrade installed products and press N to continue.
In the Validation window, press N.
When the upgrade completes successfully, restart the computer.

To upgrade a SecurePlatform Open Server using the WebUI:

Open Internet Explorer and log in to the SecurePlatform WebUI.
Select Device > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 file for upgrades via the WebUI.
Click Browse and select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.SecurePlatform.tgz
Click Upload package to device.
The package is uploaded to the SecurePlatform computer.

After the Upgrade Status shows that the Uploading is Completed you can start the upgrade.
Recommended: In the Safe Upgrade section, click Save snapshot of the current system before the upgrade. The snapshot is used to revert the system if the upgrade is not successful.
Your browser will automatically try to perform the first login immediately after the upgrade. To allow this, do not close the browser window or browse to another page.
Click Start Upgrade.
Follow the Upgrade Status. After the upgrade, the computer automatically reboots.

Windows to Windows

Before you begin, back up the server.

To upgrade a Windows Security Management Server:

Insert the R76 DVD.
If the upgrade does not start automatically, run Setup.exe from the DVD.
Click Next to start the installation wizard.
Accept the license agreement and click Next.
Click Next to check your license information.
From the Upgrade Options screen, select Upgrade and click Next.
Follow the support contract and upgrade utility screens.
When the pre-upgrade verification recommendation appears, select to execute the Pre-upgrade Verification Tool.
Select Add new products and click Next.
Note - SmartReporter is installed by default, if it was not installed before.

Depending on the components you have chosen to install, you many need to install other components. Follow the instructions.

A list of the products that will be upgraded appears. Click Next.

The new components are installed and the Security Management server is upgraded. The progress of each component is indicated in the progress bar. Upon completion, a summary appears.

Note - In Windows Server 2003, if Microsoft.Net framework 2.0 is not installed, it will be installed before the Check Point components.
Follow the instructions for license management and fingerprint handling.
Click Finish.
When prompted, restart the Security Management Server.

Upgrading Endpoint Security

To upgrade to R76 from E80.40, use the upgrade procedures in this guide. After the upgrade you will have Endpoint Security E80.40 on an R76 Security Management Server.

To upgrade to R76 from E80.41 Endpoint Security Server, use the upgrade procedures in this guide. After the upgrade, you can get the E80.41 Endpoint Security clients and SmartConsole manually from sk92343. After these steps you will have Endpoint Security E80.41 on an R76 Security Management Server.

Upgrading Security Gateways

You can upgrade Security Gateways using one of these methods:

SmartUpdate: Centrally upgrade and manage Check Point software and licenses from a SmartConsole client.
Local Upgrade: Do a local upgrade on the Security Gateway itself.

Upgrading Gateways using SmartUpdate

SmartUpdate is the primary tool used for upgrading Check Point gateways. The following features and tools are available in SmartUpdate:

Upgrade All Packages: This feature upgrades all packages installed on a gateway. For IPSO and SecurePlatform, this feature also upgrades your operating system as a part of the upgrade procedure. The SmartUpdate "Upgrade all Packages" option supports HFAs, i.e., it will suggest upgrading the gateway with the latest HFA if a HFA package is available in the Package Repository. "Upgrade All" is the recommended method. In addition, there is an advanced method to install (distribute) packages one by one.
Add Package to Repository: SmartUpdate provides three "helper" tools for adding packages to the Package Repository:
- From CD/DVD: Adds a package from the Check Point DVD.
- From File: Adds a package that you have stored locally.
- From Download Center: Adds a package from the Check Point Download Center.
Get Check Point Gateway Data: This tool updates SmartUpdate with the current Check Point or OPSEC third-party packages installed on a specific gateway or for your entire enterprise.
Check for Updates: This feature, available from the SmartDashboard Tools menu, locates the latest HFA on the Check Point Download Center, and adds it to the Package Repository.

Configuring the Security Management Server for SmartUpdate

To configure the Security Management server for SmartUpdate:

Install the latest version of SmartConsole, including SmartUpdate.
Define the remote Check Point gateways in SmartDashboard (for a new Security Management server installation).
Verify that your Security Management server contains the correct license to use SmartUpdate.
Verify that the Administrator SmartUpdate permissions (as defined in the cpconfig configuration tool) are Read/Write.
To enable SmartUpdate connections to the gateways, make sure that Policy Global Properties > FireWall > Firewall Implied Rules > Accept SmartUpdate Connections (SmartUpdate) is selected. By default, it is selected.

Add Packages to the Package Repository

Use SmartUpdate to add packages to and delete packages from the Package Repository:

directly from the Check Point Download Center website (Packages > Add > From Download Center),
by adding them from the Check Point DVD (Packages > Add > From CD/DVD),
by importing a file (Packages > Add > From File).

When adding the package to the Package Repository, the package file is transferred to the Security Management server. When the Operation Status window opens, you can verify the success of the operation. The Package Repository is then updated to show the new package object.

Gateway Upgrade - SmartUpdate

To update a gateway using SmartUpdate:

From SmartUpdate > Packages > Upgrade All Packages select one or more gateways and click Continue.
The Upgrade All Packages window opens, and in the Upgrade Verification list you can see which gateways can or cannot be upgraded.
- To see a list of which packages will be installed on the gateways that can be upgraded, select the gateway and click the Details button.
- For an explanation as to why a gateway cannot be upgraded, select the relevant gateway and click the Details button.
From the list provided, select the gateways that can be upgraded and click Upgrade.

Note - The Allow reboot option (selected by default) is required in order to activate the newly installed packages.

The Operation Status pane opens and shows the progress of the installation. Each operation is represented by a single entry. Double click the entry to open the Operation Details window, which shows the operation history.

The following operations are performed during the installation process:

The Check Point Remote Installation Daemon connects to the Check Point gateway.
Verification for sufficient disk space.
Verification of the package dependencies.
The package is transferred to the gateway if it is not already there.
The package is installed on the gateway.
Enforcement policies are compiled for the new version.
The gateway is rebooted if the Allow Reboot option was selected and the package requires it.
The gateway version is updated in SmartDashboard.
The installed packages are updated in SmartUpdate.

Upgrading Security Gateways on Appliances

UTM-1, Power-1, and 2012 Models

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

To upgrade using an ISO image on a DVD:

Download the Gaia ISO image from the Check Point Support Center.
Check_Point_Install_and_Upgrade_R76.Gaia.iso
Burn the ISO file on a DVD.
Connect an external DVD drive to a USB socket on the appliance or computer.
Run
upgrade cd
You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
The upgrade takes place.
After the upgrade, before rebooting, remove the DVD from the drive.
Type OK to reboot.

SecurePlatform to Gaia

You can upgrade from the SecurePlatform operating system to the Gaia operating system.

To upgrade a SecurePlatform appliance:

Upgrade product licenses to R75 or higher, and attach the licenses to the appliance.
Download the appliance upgrade package.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the SecurePlatform appliance from a Web browser to https://<appliance_ip_address>.
In the login page, enter an administrator username and password.
Go to the Upgrade page.
Upload the appliance upgrade package to the appliance.
Ignore any warning messages.
Continue according to the on-screen instructions.
After the upgrade is complete, the appliance boots to Gaia.

Note - The connection to the SecurePlatform WebUI closes after Gaia is installed.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

SecurePlatform to SecurePlatform

Use the WebUI to upgrade Security Gateways on appliances.

To upgrade appliances using the WebUI:

Open Internet Explorer and log in to the appliance.
Select Appliance > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 upload package file.
In the WebUI, click Upload upgrade package to appliance.
The Upload Package to Appliance window opens.
Select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.SecurePlatform.tgz
Click Upload.
Click Start Upgrade.
Before the upgrade begins, an image is created of the system and is used to revert to in the event the upgrade is not successful.
The Save an Image before Upgrade page, displays the image information.

Click Next.
In the Safe Upgrade section, select Safe upgrade to require a successful login after the upgrade is complete. If no login takes place within the configured amount of time, the system will revert to the saved image.
Click Next.
The Current Upgrade File on Appliance section displays the information of the current upgrade.
To begin the upgrade, click Start.

IP Appliances

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

IPSO to Gaia

You can upgrade from IPSO to Gaia with R76 on all IP appliance platforms (IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450) using FTP over a network connection. You can also upgrade to R76 on all of these IP appliance platforms except IP390 and IP560 using a USB removable device and the Check Point ISOmorphic utility.

To upgrade using a removable device see sk83200.
To upgrade over the network using FTP, continue with these instructions.

Preparing for Upgrade

Set up this environment.

IPSO to Gaia Upgrade

Item
1	IP Appliance with IPSO IPSO to Gaia installation package or upgrade package.
2	FTP Server with a Gaia ISO image mounted. The ISO is copied to the IP Appliance as part of the installation or upgrade process. The FTP server can be Linux-based or Windows-based. In this example, the FTP Server is at 192.0.2.2.
3	Optional: FTP Server used as a location for one or more of the following: Backup of IPSO and the Security Gateway configuration. (recommended) A special SmartUpdate package that can be to distribute the IPSO to Gaia installation and upgrade package to multiple Security Gateways. A special package that can be used to install or upgrade Security Gateways, one at a time, without having to answer any questions. This package is created using the answers supplied when running the installation and upgrade package. You can use the same FTP server as for the Gaia ISO, or a different one. In this example, the FTP Server is at 192.0.2.3.
4	Computer with console access to the IP appliance and to the FTP server(s). Console access is recommended because it allows you to keep the connection to the IP Appliance throughout the installation or upgrade. If you connect via SSH you lose the connection after the IP Appliance reboots, and you will not be able to track the installation or upgrade progress.

Upgrade Procedure Overview


	Important - This is an overview of the steps, not the actual instructions. Detailed instructions follow.
Step 1: Get the IPSO to Gaia installation and upgrade package (tgz) and the Gaia ISO image. Step 2: Put the Gaia ISO on an FTP server. Step 3: Install the installation and upgrade package on the IP Appliance using Network Voyager or `clish`. Step 4: Run the script: Clean install - `run-install-gaia` Upgrade - `run-upgrade-to-Gaia` Step 5: Enter FTP server details and the ISO location. The script tests the FTP Server environment: Route to the FTP server Interface speed and duplex settings FTP access with the given credentials FTP access to the specified path Path contains the Gaia ISO and the user has Read/Write access to the directory Multiple simultaneous connections (>20) to the FTP server are allowed Timeout on FTP server is not too low FTP access to files downloaded by the Gaia boot manager Step 6: Optional, but recommended: Enter data for an FTP server to hold IPSO system and configuration backup. Step 7: Optional: Enter data to make a customized IPSO to Gaia upgrade package. Use this to upgrade multiple Security Gateways with SmartUpdate. Upgrade one Security Gateway with the standard IPSO to Gaia upgrade package. Enter the required data to create the special upgrade package. Upgrade all other Security Gateways simultaneously, using the special upgrade package, without more data. All IP Appliances must be able to access the same ftp servers as the first Security Gateway. Step 8: Confirm your selections. Step 9: The installation or upgrade package now runs automatically: If you made a backup package: The backup tar files are copied from the IP Appliance to the FTP server. If you made a customized installation or upgrade package: The package is copied from the IP Appliance to the FTP server. The Gaia image is copied from the FTP server to the IP Appliance. The Gaia image is installed. The Gaia boot manager is installed. The IP Appliance reboots. You see the Gaia prompt on the IP Appliance.
Step 10: Make sure the upgrade succeeded.

Step 1: Getting the Upgrade Package and the Gaia Image //upgrade // Template for Web Admin

Download the Gaia packages for IP Appliance from the R76 home page on the Check Point Support Center.
You will see two packages:
- Gaia ISO image
- IPSO to Gaia installation and upgrade package. The file name is Check_Point_Install_and_Upgrade_IPSO6.2_to_Gaia_R76.tgz
Prepare the installation and upgrade packages:
Copy the packages to an FTP server, in a directory of your choice. Or transfer the packages by FTP to the IP Appliance.

Step 2: Putting the Gaia ISO on an FTP Server

Network Requirements

Important - High network traffic or large transfers (more than 10/100 Mbps links) can interfere with the FTP transfers for installation.

Make sure the appliance can reach the FTP server.
Make sure there is no Firewall which blocks incoming FTP requests from the appliance to the FTP server.
Configure the FTP server to allow more than 100 (or an unlimited number of) concurrent connections.
Make sure the Gaia ISO file is mounted on a directory to which the user has access permissions.

On a Linux-based FTP Server:

Upload the Gaia ISO file to the FTP server
On the FTP server, run:
mount -o loop -t iso9660 <ISO_filename> <mounting_destination_dir>

On a Windows-based FTP Server:

Upload the Gaia ISO file to the FTP server
Extract the Gaia ISO file to a folder on the FTP Server. Use 7-zip, Winzip, WinRAR or similar.
In the folder, run the file
copyrpms.bat
This batch file copies installation files, to give a required workaround to Windows' inability to support soft links.
Give FTP credentials to the folder, so the folder can be accessed via FTP.

Step 3: Installing the Package on the IP Appliance

Log in to the IP Appliance using a console.
Run clish

Install the IPSO to Gaia installation and upgrade package on the IPSO appliance using clish or using Network Voyager (see the Network Voyager Reference Guide.
To use clish:

If the IPSO to Gaia package is on an FTP server, run:
add package media ftp addr <FTP_IP> user <uname> password <pass> name <full_path>/Check_Point_Upgrade_Package_R76.IPSO6.2_to_Gaia.tgz

Note - If using anonymous ftp, change ftp to anonftp.

If the IPSO to Gaia package is on the IP Appliance, go to the directory where the package is located, and run the clish command:
add package media local name ./Check_Point_Upgrade_Package_R76.IPSO6.2_to_Gaia.tgz

The installation and upgrade package is installed.

Trying to install package: ./package_name.tgz

Package Information --

Name : IPSO to Gaia Upgrade

Version : <version>

Release : <Release>

Description: IPSO to Gaia Upgrade Package (<package_version>)

Package will be installed under: /opt

Package installed and activated successfully.

End of package installation.

The installation success message is Package installed and activated successfully.

The package is reported to be activated, but there are no background processes running.

Show the installed and active packages:
show package active

Name                    Ver   Rel    Dir               Desc

 {Check Point CPinfo }  10    00     /opt/CPinfo-10    {Check Point CPinfo}

 {Check Point R70}      R70   00     /opt/CPsuite-R70  {Check Point R70}

 {IPSO to Gaia Upgrade} <ver> <rel>  /opt/<package_name>  {IPSO to Gaia Upgrade Package (<upgrade_package_version>)}

Exit clish. Run: exit

Step 4: Running the Installation and Upgrade Script

Go to the location of the package
cd /opt/<package_name>/
To upgrade, run
./run-upgrade-to-Gaia
To do a clean installation, run
./run-install-Gaia

If you are upgrading multiple appliances from a special upgrade package that was previously saved, the installation or upgrade runs automatically. Continue with Step 9.

If you are upgrading or installing one appliance, continue here.

The script runs. The following shows an upgrade. If you do a clean installation, the IPSO configuration is not transferred to Gaia.

Welcome to the IPSO to Gaia Install/Upgrade procedure.

Checking platform...OK

Checking IPSO OS version ...OK

Checking hostname ...

Checking your configuration

Summary:

        Errors:      0

        Warnings:    0

        Information: 14

Total Grade: 94

Details in file "/var/tmp/verify-IPSO-for-Gaia.msgs".

A newer version of this script may be available.

Contact the Check Point UserCenter at https://usercenter.checkpoint.com

and see SK66569.

Do you want to continue with the upgrade ? [y] y

=========================================================

The following types of information are needed to prepare

your IPSO appliance for the upgrade:

 - info about downloading the Gaia image.

 - info about transferring the verification reports (optional).

 - info about transferring an IPSO backup (optional).

 - info about transferring a special upgrade package with your answers (optional).

Answer the prompts for this info and then the upgrade is performed.

Hit 'Enter' to continue or Ctrl-C to exit

Supply the information for downloading the Gaia image

Note - If you have run the upgrade script before, the previously entered values are shown in square brackets [ ]. Press Enter to accept the values, or type in the new values and press Enter.

Step 5: Verifying the FTP Server

Enter the requested FTP server data and the path to the Gaia installation file.

Required Directory Value

If ISO is mounted to a non-FTP directory

Enter full path to ISO.
A relative path or shortcut link will not work.

Example: if /home/uname/gaia, ./gaia will not work.

If ISO is mounted to /var/ftp, and FTP user account is used to install

Enter path to ISO. A shortened path will work.

Example: if /var/ftp/gaia, gaia will work.

If ISO is mounted to /var/ftp, and non-FTP user account is used to install

Enter full path to ISO.
A relative path or shortcut link will not work.

The script runs some tests to verify the FTP environment. If errors are detected, correct the FTP server configuration and then instruct the program to verify the FTP environment again.

Here is an example of a successful test:

Info for download of the Gaia image:

Info for download of the Gaia image:

IP address of FTP server [192.0.2.2]:

User name [gwhite]:

Password [******]:

Directory [/mnt/fiber292]:

Performing tests of access to FTP server and Gaia ISO

Checking route to 192.0.2.2 ... OK

Interface: eth-s4p1 speed 100M, duplex full

Checking FTP access with given credentials ... OK

Checking FTP access to /mnt/fiber292 ...  OK

Checking /mnt/fiber292 is Gaia ISO ... Yes

Checking multiple simultaneous connections to 192.0.2.2 ...  OK

Checking timeout to 192.0.2.2 ...  OK

Checking FTP access to files downloaded by Gaia boot-manager

        system/ramdisk.pxe ...  OK

        system/base/stage2.img ...  OK

Step 6 (Optional, Recommended): Supplying Reports and Backup Server Information

The script will request details of the FTP server to store reports and backup data. The same path-rules apply here as in Step 5. The backup creates two tgz files, for:

IPSO operating system configuration files, user directories, and log files.
Security Gateway backup files.

Here is an example:

 A complete backup of the IPSO system can performed

 including system configuration, user home directories,

 log files and files from packages.

 Do you want to perform this backup ? [y]

 Use IP address '192.0.2.2' and user 'root' for the backup? [n]

 Details for transferring the IPSO Backup:

 IP address of FTP server []: 192.0.2.3

 User name []:  ftp

 Password []:  ***

 Directory []: /backupdir

 Checking FTP access to 192.0.2.3 (it may take a minute) ... done

Step 7: (Optional): Supplying Special Package Server Information

Enter data of the destination FTP server for the special upgrade package. Enter a destination directory, with the same rules as in Step 5.

A package with your answers to the previous prompts can be created.

 This package can be used on other IPSO gateways for

 unattended conversion to Gaia.

 Do you want to create such a package? [y]

 Details for transferring the package with your answers:

 IP address of FTP server [192.0.2.3]:

 User name [ftp]:

 Password [***]:

 Directory [packagedir]:

 Checking FTP access to 192.0.2.3 (it may take a minute) ... done

Step 8: Confirming Your Selections

You see a summary of all your answers.

Information for download of the Gaia image:

     FTP Server IP Address = 192.0.2.2

     FTP Server user name = root

     Directory on FTP Server = /imagedir

 Information for transferring the IPSO Backup:

     FTP Server IP Address = 192.0.2.3

     FTP Server user name = ftp

     Directory on FTP Server = /backupdir

 Information for transferring the package with your answers:

     FTP Server IP Address = 192.0.2.3

     FTP Server user name = ftp

     Directory on FTP Server = /packagedir

Are these values correct? [y]

Click n to change the selections you made before, or type y to start the upgrade.
The backup file and the special upgrade package file, if you chose to create them, are created.

 Writing values to file

 Performing IPSO backup (file <ipso_backup_file_name>.tgz) ... done

 Performing Check Point Security Gateway backup (file <Security Gateway_backup_file_name>.tgz) ... done

 Transferring IPSO and Check Point Security Gateway backup files ... done

 Creating a package with your answers (<package_name>_AUTO.tgz) ... done

 Transferring package with your answers ... done

 Installing Gaia Boot Manager ... done

You have 30 seconds to abort. To stop the upgrade, press Enter.

IP appliance reboots in 30 seconds to complete the upgrade.

Hit 'Enter' to abort.

Important - If you want to make changes, press Enter now.
This stops the upgrade to Gaia. To complete the upgrade to Gaia, reboot the IP Appliance.

Step 9: Upgrade Runs Automatically

The upgrade runs unattended.

The IP Appliance reboots.

The Gaia Boot Manager runs.

Important - It is possible that after the reboot the system will show the Boot Manager prompt. To complete the upgrade, type INSTALL at the Boot Manager prompt, and provide the requested information. The upgrade should continue from this point.

The Gaia image is installed.

The IPSO and R76 configuration is imported into Gaia, including the SIC trust settings.
You now see the Gaia prompt.

Congratulations. Gaia and R76 are installed on the IP Appliance.

Important - The HTTPS port for the WebUI is set to 443 after an installation or upgrade. To change this, you must use SmartDashboard > Gateway Properties > Portal Settings.

Step 10: Making Sure the Upgrade Succeeded

To check the Security Gateway configuration:

At the Gaia prompt, log in with your IPSO credentials.
The system logs you in to the expert mode. That is, you will be in csh or bash depending on how the original IPSO system was configured.
Type clish to enter clish.
Run fw ver to see the Security Gateway version information.
Run fw stat to confirm that the default policy is enforced.
Launch R76 SmartDashboard.
In the Security Gateway object:
1. Click Test SIC status. SIC status should be Trust Established.
2. Change the version to R76.
3. Install a policy on the Security Gateway.

Rollback from Gaia to IPSO

You can roll back from Gaia to IPSO 6.2. You can also restore the Check Point Security Gateway and/or Security Management server configuration.

Before doing a rollback from Gaia to IPSO:

Make sure that:

The IPSO boot manager installer is available. Download it from the R76 home page.
An IPSO image is available. Put the IPSO image on an FTP server, and make sure that the FTP server is accessible from the Gaia IP Appliance.
A backup of the Check Point Security Gateway on the Gaia IP Appliance is available. Put the backup tar file on an FTP server, and make sure the FTP server is accessible from the Gaia IP Appliance.

To roll back from Gaia to IPSO:

At the Gaia command line prompt, login as the administrator.
Go to expert mode. Type expert and supply the credentials.
Download the IPSO boot manager installer Check_Point_R76_Install_IPSOBootmanager.sh from the R76 home page on the Support Center.
Copy the IPSO boot manager installer to a location of your choice on the Gaia IP Appliance. For example, to /var/tmp.
Change file attributes to give executable permissions. Run
chmod 777 Check_Point_R76_Install_IPSOBootmanager.sh
Install the IPSO boot manager. At the command prompt run
./Check_Point_R76_Install_IPSOBootmanager.sh /dev/hda

The script asks if you want to roll back to

1. IPSO 4.2
2. IPSO 6.2
Choose 2
Type reboot
After the reboot, the system is running the IPSO boot manager.
At the BOOTMGR> prompt, install the IPSO image. Run
install
Enter this data:
- IP address of the IP Appliance.
- Default gateway of the IP Appliance.
- IP address of the FTP server with the IPSO image.
- User credentials.
- Directory path.
- Various configuration questions (about the chassis serial number, whether the system is part of a VRRP cluster, and whether IGMP and BGP are enabled).
The system automatically reboots into IPSO.
Configure the IP Appliance:
- Hostname
- New password for admin
- Enable the management port physical interface
- IP address for the management interface
- Default gateway

To restore the Check Point Security Gateway configuration:

Log in to the newly installed and configured IPSO IP Appliance as admin
Use FTP to transfer the backup archive file containing the Check Point Security Gateway to the IP Appliance, and then uncompress the archive. In the following example,
- The name of the backup archive is CP_archive_nms71_20101124.tgz
- The IP address of the FTP server containing the backup archive is 192.0.2.3.

cd /tmp

ftp ftp://192.0.2.3>/pub/CP_archive_nms71_20101124.tgz

tar xzf /tmp/CP_archive_nms71_20101124.tgz

Restore the IPSO backup file using the set restore CLI commands. In the following example,

The IP address of the FTP server containing the IPSO backup file is 192.0.2.2

The IPSO backup file is in the pub directory.

Important - If the backup contains IPSO and Check Point configuration data, the Check Point packages must be installed first before trying to restore the backup; otherwise the restore will fail.

clish

set restore remote ftp-site ftp://192.0.2.2

set restore remote ftp-user <username e.g. anonymous>

set restore remote ftp-pass <password>

set restore remote ftp-dir pub

set restore remote filename i2g_backup_<hostname and timestamp>.tgz

IPSO automatically reboots.

Log out.
Log in as admin.

Verify the configuration has been restored.

IPSO to IPSO

For IPSO requirements see the R76 Release Notes.

To upgrade to R76 on IPSO:

Upgrade to IPSO 6.2 MR4. See the IPSO 6.2 MR4 Release Notes.
Upgrade to R76 for IPSO.

Upgrading Security Gateways on Open Servers

Before you upgrade:

It is recommended to back up your current configuration.

Gaia to Gaia

Upgrade Requirements:

Make sure there is enough free disk space to do the upgrade. See the R76 Release Notes.

Using the WebUI: Check the space available for images in the Maintenance > Image Management page.
Using the CLI: In expert mode, run the df -h command and check the available space in /var/log.

To upgrade using the WebUI:

Download the Gaia upgrade package from the Check Point Support Center to the Gaia WebUI client computer.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Connect to the Gaia WebUI from a Web browser to
https://<management_IP_address>
In the WebUI go to the Maintenance > Upgrade page. (Ensure the View Mode is Advanced.)
Click Upload.
Browse to the location of the upgrade package.
After the package is uploaded, either click Done to add the package to the Upgrade Packages repository, or click Upgrade.
If you added the package to the package repository, select the package, and click Upgrade.

The package is extracted.
After the package is extracted, click OK.
A console window opens.

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, click Reboot.

To upgrade using the upgrade package, with CLI:

You can upload the TGZ to the WebUI, and upgrade Gaia with CLI commands.

Download the Gaia upgrade package from the Check Point Support Center.
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
In the Gaia CLI, enter expert mode.
Use FTP, SCP or similar to transfer the upgrade package to the Gaia appliance or computer. We recommend that you place the package in /var/log/upload.
Exit expert mode.
In clish, register the file as an upgrade package. Run the command:
add upgrade <version> package file <full path>
Run:
upgrade local <version>
For example:
upgrade local R76

You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
After the upgrade, type OK to reboot.

To upgrade using an ISO image on a DVD:

Download the Gaia ISO image from the Check Point Support Center.
Check_Point_Install_and_Upgrade_R76.Gaia.iso
Burn the ISO file on a DVD.
Connect an external DVD drive to a USB socket on the appliance or computer.
Run
upgrade cd
You are asked if you want to save a snapshot of the system before upgrade. We recommend that you answer Yes.
You are asked if you want to start the upgrade. Select Yes.
The upgrade takes place.
After the upgrade, before rebooting, remove the DVD from the drive.
Type OK to reboot.

SecurePlatform to Gaia

You can upgrade Security Gateways on SecurePlatform to R76 Security Gateways on Gaia.

To upgrade an open server using the DVD:

Upgrade product licenses to R75 or higher, and attach the licenses to the computer.
Connect a DVD drive to the USB port on the computer.
Run: patch add cd
Select the Gaia upgrade package.
Confirm the MD5 checksum.
If relevant, when prompted, create a backup image for automatic revert.
After extracting files, the Installation program opens.
Accept the license agreement.
Select upgrade.
Configure your contract options.
You can also continue without contract information and configure it later using SmartUpdate.
Select a source for the upgrade utilities.
Wait for the pre-upgrade verifier to complete successfully.
Select Stop Check Point processes.
Select Upgrade installed products, or upgrade installed products and add new products, and confirm.
Wait while the required installation files are extracted.
1. Part one of the upgrade procedure saves data and upgrades the operating system.
2. Part two upgrades Check Point products.
After the upgrade completes successfully, remove the DVD from the drive.
Restart when prompted.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

To upgrade a SecurePlatform Open Server using the WebUI:

Open Internet Explorer and log in to the SecurePlatform WebUI.
Select Device > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 file for upgrades via the WebUI.
Click Browse and select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.Gaia.tgz
Click Upload package to device.
The package is uploaded to the SecurePlatform computer.

After the Upgrade Status shows that the Uploading is Completed you can start the upgrade.
Recommended: In the Safe Upgrade section, click Save snapshot of the current system before the upgrade. The snapshot is used to revert the system if the upgrade is not successful.
Click Start Upgrade.
Follow the Upgrade Status. After the upgrade, the computer automatically reboots.

Note - The connection to the SecurePlatform WebUI closes after Gaia is installed.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

SecurePlatform to SecurePlatform

Use this procedure to upgrade a SecurePlatform installation on the same computer. Upgrade the operating system and the installed products.

To upgrade a SecurePlatform Open Server using a DVD:

Insert R76 DVD into the drive.
At the command prompt, enter: patch add cd
Select SecurePlatform R76 Upgrade Package
Check_Point_Install_and_Upgrade_R76.SecurePlatform_Open_Server.iso
Press y to accept the checksum calculation.
Optional: When prompted, create a backup image so that you can restore the old version.

Note - Creating the snapshot image can take a long time. Check Point products are stopped during this time.
Press N at the welcome message.
Press Y to accept the license agreement.
In the next window, select Upgrade and then press N.
In the next window, press N to continue.
If prompted to download or import a valid support contract, select Continue without contract information. Press N to continue.
If a message shows that says your gateway is not eligible for upgrade, press N to continue.
You can safely ignore this message and use SmartUpdate to update your service contract later.
In the next window, select Download most updated files.
In the Pre-Upgrade Verification Results window, press N to continue.
If the Pre-Upgrade Verification fails, do the suggested steps to correct the problem. Start this procedure again from step 2.
When prompted, select Stop Check Point processes and press N to continue.
When prompted, select Upgrade installed products and press N to continue.
In the Validation window, press N.
When the upgrade completes successfully, restart the computer.

To upgrade a SecurePlatform Open Server using the WebUI:

Open Internet Explorer and log in to the SecurePlatform WebUI.
Select Device > Upgrade.
Click Check Point Download Center.
The Internet browser opens to the Check Point Support Center.
Search for and download the R76 file for upgrades via the WebUI.
Click Browse and select the upgrade file:
Check_Point_upg_WEBUI_and_SmartUpdate_R76.SecurePlatform.tgz
Click Upload package to device.
The package is uploaded to the SecurePlatform computer.

After the Upgrade Status shows that the Uploading is Completed you can start the upgrade.
Recommended: In the Safe Upgrade section, click Save snapshot of the current system before the upgrade. The snapshot is used to revert the system if the upgrade is not successful.
Your browser will automatically try to perform the first login immediately after the upgrade. To allow this, do not close the browser window or browse to another page.
Click Start Upgrade.
Follow the Upgrade Status. After the upgrade, the computer automatically reboots.
Install the Policy on the Security Gateway. This is highly recommended. The Security Gateway enforces the Initial Policy until you install the Policy:
1. Using SmartDashboard of the correct version, connect to the Security Management server.
2. Open the General Properties page of the Gateway object.
3. Click Get to update the Platform details.
4. Install the policy on the Gateway.

Windows

This section describes the upgrade process using the R76 Installation DVD.

To upgrade a gateway in a Windows platform:

Insert the R76 DVD.
If the upgrade does not start automatically, run Setup.exe from the DVD.
Click Next to start the installation wizard.
Accept the license agreement and click Next.
Click Next to check your license information.
Select one of the license options and click Next.
To add Check Point products that were not installed previously, select Install additional Check Point products and click Next.
Select the new products to install.
A list of the products that will be upgraded or installed. Click Next to start the installation.
When the installation is finished, click Next to continue.
In Licenses and Contracts, select a licensing option and click Next.
In Secure Internal Communication, verify the SIC details and click Next.
In Clustering, select whether this Security Gateway is part of a cluster.
Click Finish to close the installation wizard.

When the upgrade process is complete:

Using SmartDashboard, log in to the R76 Security Management server that controls the upgraded gateway.
Open the gateway object properties window that represents the upgraded gateway and change the version to R76.
Install the policy on the upgraded gateway.

If necessary, you can restore the previous configuration.

Upgrading a VSX Gateway

The vsx_util command upgrades a VSX Gateway from an earlier version to R76.

Important - The vsx_util command cannot modify the management database if the database is locked. Make sure that no other administrators are connected to the management server. For a Multi-Domain Server configuration, make sure that no other administrators are connected to domains.

To upgrade a VSX Gateway to R76:

Install R76 on the VSX Gateway.
Reboot the VSX Gateway.
Close SmartDashboard.
Upgrade the VSX Gateways in the Security Management server.
1. From the Security Management server CLI, run vsx_util upgrade.
2. Do the on-screen instructions.

Push the configuration to the VSX Gateways. Do these steps for each VSX Gateway or cluster member.

Run vsx_util reconfigure.
Do the on-screen instructions.
The existing security policy is installed and configured on the upgraded VSX Gateway and this message is shown:

Reconfigure module operation completed successfully

Reboot the VSX Gateway.

Note - In a Multi-Domain Server environment, the operation skips any Domain Management Servers locked by an administrator. For all locked Domain Management Servers, when they are available, do steps 4 and 5 and then resume the upgrade.

Install the necessary licenses.

Upgrading Standalone Full High Availability

Full High Availability: The server and the gateway are in a standalone configuration and each has High Availability to a second standalone machine. If there is a failure, the server and the gateway failover to the secondary machine. In the standalone configuration the server and gateway can failover independently of each other. For example, if only the server has an issue, only that server fails over. There is no effect on the gateway in the standalone configuration.

To upgrade Full High Availability for cluster members in standalone configurations, there are different options:

Upgrade one machine and synchronize the second machine with minimal downtime.
Upgrade with a clean installation on one machine and synchronize the second machine with system downtime.

Upgrading with Minimal Downtime

You can do a Full High Availability upgrade with minimal downtime to the cluster members.

To upgrade Full High Availability with minimal downtime:

Make sure the primary cluster member is active and the secondary is standby: check the status of the members.
Start failover to the second cluster member.
The secondary cluster member processes all the traffic.
Log in with SmartDashboard to the management server of the secondary cluster member.
Click Change to Active.
Configure the secondary cluster member to be the active management server.

Note - We recommend to export the database using the Upgrade tools.
Upgrade the primary cluster member to the appropriate version.
Log in with SmartDashboard to the management server of the primary cluster member.
Make sure version of the SmartDashboard is the same as the server.
Upgrade the version of the object to the new version.
Install the policy on the cluster object.
The primary cluster member processes all the traffic.

Note - Make sure that the For Gateway Clusters install on all the members option is cleared. Selecting this option causes the installation to fail.
Upgrade the secondary cluster member to the appropriate version.
Synchronize for management High Availability.

Upgrading with a Clean Installation

You can do a Full High Availability upgrade with a clean installation on the secondary cluster member and synchronize the primary cluster member. This type of upgrade causes downtime to the cluster members.

To upgrade Full High Availability with a clean installation:

Make sure the primary cluster member is active and the secondary is standby: check the status of the members.
Start failover to the second cluster member.
The secondary cluster member processes all the traffic.
Log in with SmartDashboard to the management server of the secondary cluster member.
Click Change to Active.
Configure the secondary cluster member to be the active management server.

Note - We recommend to export the database using the Upgrade tools.
Upgrade the primary cluster member to the appropriate version.
Log in with SmartDashboard to the management server of the primary cluster member.
Make sure version of the SmartDashboard is the same as the server.
Upgrade the version of the object to the new version.
Install the policy on the cluster object.
The primary cluster member processes all the traffic.

Note - Make sure that the For Gateway Clusters install on all the members option is cleared. Selecting this option causes the installation to fail.
Install the secondary member.
From SmartDashboard, configure the cluster object.
1. Change the secondary details (if necessary).
2. Establish SIC.
Synchronize for management High Availability.
The primary management database synchronizes to the secondary management database.

Upgrading Clusters

If the appliance to upgrade was not the primary member of a cluster before, export its database before you upgrade. If it was the primary member before, you do not have to do this.

To upgrade an appliance and add it to a cluster:

If the appliance was not the primary member of a cluster, export the Security Management server database.
Upgrade the appliance.
If the appliance was not the primary member of a cluster, import the database.
Using the WebUI, on the Cluster page, configure the appliance to be the primary member of a new cluster.
Connect a second appliance to the network.
- If the second appliance is based on an earlier version: get the relevant upgrade package from the Download Center, save it to a USB stick, and reinstall the appliance as a secondary cluster member.
- If the second appliance is upgraded: run the first-time wizard and select Secondary Cluster Member.

Enabling IPv6 on Gaia

IPv6 is automatically enabled if you configure IPv6 addresses in the First Time Configuration Wizard.

If you did not do this, enable IPv6 in one of the following ways:

To enable IPv6 using clish:

Run:
set ipv6-state on
Run:
save config
Run:
reboot

To enable IPv6 using the WebUI:

In the WebUI navigation tree, select Advanced > System Configuration.
For IPv6 Support, select On.

Changing to an IPv6-Only Management IP Address

To remove the IPv4 management address from a Security Management server with a dual-IP management addresses (IPv4 and IPv6):

Open SmartDashboard using the IPv6 address.
Edit the Security Management server object.
In the General Properties page, delete the IPv4 address.
Go to the Topology page, Interface Properties window, and delete the IPv4 address.
Save.
Open the Gaia WebUI by connecting to the IPv6 address https://<IPv6 address>.
Delete the management IPV4 address from these pages:
- Network Interfaces
- IPv4 Static routes

Deleting the IPV4 address from Management HA

You can remove the IPv4 address from one member in a management High Availability environment and keep the IPv6 and IPv4 addresses on the second member.

To remove the IPv4 address from a management HA member:

Open the WebUI.
In the Network Management > Network Interfaces page, delete the IPV4 address.
Open SmartDashboard.
Reset SIC.
Install the database (Policy > Install Database).
Reboot.
Synchronize the databases of the Security Management servers.

Top of Page

Download Complete PDF

Send Feedback

Upgrading Security Management Server and Security Gateways

Related Topics

Upgrading Standalone

Upgrading Standalone Appliances

UTM-1 and 2012 Models

Gaia to Gaia

SecurePlatform to Gaia

SecurePlatform to SecurePlatform

IP Appliances

Gaia to Gaia

IPSO to IPSO

Upgrading Standalone Open Servers

Gaia to Gaia

SecurePlatform to Gaia

SecurePlatform to SecurePlatform

Windows to Windows

Upgrading the Security Management Server

Upgrading Security Management Server on Appliances

Smart-1 and 2012 Models

Gaia to Gaia

SecurePlatform to Gaia

SecurePlatform to SecurePlatform

Upgrading Security Management Server on Open Servers

Gaia to Gaia

SecurePlatform to Gaia

SecurePlatform to SecurePlatform

Windows to Windows

Upgrading Endpoint Security

Upgrading Security Gateways

Upgrading Gateways using SmartUpdate

Configuring the Security Management Server for SmartUpdate

Add Packages to the Package Repository

Gateway Upgrade - SmartUpdate

Upgrading Security Gateways on Appliances

UTM-1, Power-1, and 2012 Models

Gaia to Gaia

SecurePlatform to Gaia

SecurePlatform to SecurePlatform

IP Appliances

Gaia to Gaia

IPSO to Gaia

Preparing for Upgrade

Upgrade Procedure Overview

Step 1: Getting the Upgrade Package and the Gaia Image //upgrade // Template for Web Admin

Step 2: Putting the Gaia ISO on an FTP Server

Step 3: Installing the Package on the IP Appliance

Step 4: Running the Installation and Upgrade Script

Step 5: Verifying the FTP Server

Step 6 (Optional, Recommended): Supplying Reports and Backup Server Information

Step 7: (Optional): Supplying Special Package Server Information

Step 8: Confirming Your Selections

Step 9: Upgrade Runs Automatically

Step 10: Making Sure the Upgrade Succeeded

Rollback from Gaia to IPSO

IPSO to IPSO

Upgrading Security Gateways on Open Servers

Gaia to Gaia

SecurePlatform to Gaia

SecurePlatform to SecurePlatform

Windows

Upgrading a VSX Gateway

Upgrading Standalone Full High Availability

Upgrading with Minimal Downtime

Upgrading with a Clean Installation

Upgrading Clusters

Enabling IPv6 on Gaia

Changing to an IPv6-Only Management IP Address

Deleting the IPV4 address from Management HA