In This Section: |
Use these procedures to upgrade a Dual-Chassis system from R75.0x, R75.40VS, and R76SP.10 to R76SP.50. One Chassis is always Active during the upgrade, except for a brief period during a manual failover.
To upgrade from a major release:
Chassis A (Active) handles traffic.
To upgrade from a major release, use an ISO image on a bootable USB device. Download the ISO image from the R76SP.50 60000/40000 Security Platforms Home Page.
Step |
Operation |
Command |
1 |
Make sure that your Security Management Servers are version R76 or higher. If not, upgrade your Security Management Servers. |
|
2 |
Back up your Scalable Platform. |
|
2a |
Create a snapshot of one SGM. |
|
2b |
Make sure that the snapshot was created successfully. |
|
2c |
Export the snapshot. |
|
2d |
Copy the exported snapshot to external media or a remote server:
|
|
2e |
Collect configuration settings and system status information into a data file:
|
|
3 |
Send the output data file to Check Point Support. The information is used to create a custom configuration procedure for use during the upgrade procedure. |
|
4 |
Detect errors or other system issues. Resolve these issues before you start the upgrade process. |
|
5 |
Download the R76SP.50 ISO image or HFA Upgrade package from the R76SP.50 60000/40000 Security Platforms Home Page. You need image this during the upgrade procedure. |
|
Notes:
-c
, enter the Chassis ID only, not the word chassis
.For example: # asg chassis_admin -c 1 down
-b
, enter the word Chassis and its ID of Chassis1 or Chassis2.For example: # g_reboot -a -b chassis1
Step |
Operation |
Command |
6 |
Set Chassis B to administratively DOWN state. |
|
7 |
Disconnect the cables connected to all ports on Chassis B (Management, Data and Synchronization). |
|
7a |
Connect to the serial port on SGM1 on Chassis B. |
|
7b |
Use a terminal emulation utility to open a console session. |
|
8 |
Install the R76SP.50 image on the SGM from a removable media. |
Install the image on all the SGMs at the same time, or create a bootable USB media for each SGM. |
9 |
When installation is complete on all SGMs, log into SGM1 from your console session. |
User name/password are |
10 |
Start the installation. |
|
11 |
Configure the setup to be similar to Chassis A. Apply all the configuration instructions that Check Point Support gave you. |
|
12 |
Reboot all SGMs. Important - Wait until all SGMs are up and running before you continue. |
|
13 |
Make sure the installed version is correct. |
|
14 |
Upgrade the SSMs on Chassis B. |
|
15 |
Upgrade CMM firmware on Chassis B. |
|
16 |
Install a policy on Chassis B. |
|
17 |
Disconnect the Management port from Chassis A. Note - Logs are not saved during these steps. |
|
18 |
Connect the Management port to Chassis B. |
|
19 |
In SmartDashboard, change the Security Gateway object to version R76. |
|
20 |
Establish SIC Trust. |
|
21 |
Install the policy. |
|
Step |
Operation |
22 |
Disconnect the cables from all ports (Management, Data, and Synchronization) on Chassis A's SSMs. The 60000/40000 Security Platform is temporarily disconnected from the network. |
23 |
Connect the data ports to Chassis B. Note - Do not reconnect the Synchronization port to Chassis B. |
24 |
Run post-upgrade tests to make sure that traffic flows normally on Chassis B. Note - Chassis B is now handling the traffic. |
Step |
Operation |
Command |
25 |
Connect a console to the serial port on SGM1 on Chassis A. Use a terminal emulation utility to open a console session. |
|
26 |
Install the R76SP.50 image from a removable media on each SGM. |
Install the image on all SGMs at the same time, or create a bootable USB media for each SGM. |
27 |
Manually upgrade the SSMs on Chassis A. |
|
27a |
Activate the private shell. Connect to the SSM with over SSH. Press Ctrl+C to close the private shell. Enter
log to close the SSM console session.
|
|
27b |
Copy the firmware upgrade file to both SSMs. When prompted, enter this password:
|
Where <SSM_IP>:
|
27c |
From a console session to an SSM, overwrite the default configuration. |
|
27d |
Make sure that the firmware upgrade is successful. |
|
27e |
Do these steps again on the other SSM. |
|
28 |
Upgrade CMM firmware on Chassis A. |
|
29 |
Connect the Sync interface to Chassis B and wait for all SGMs on Chassis A to reboot. |
|
30 |
Make sure the version is correct. |
|
31 |
Connect all Management and Data ports on Chassis A. |
|
32 |
Set Chassis A to administratively UP state. |
|
33 |
Make sure that the 60000/40000 Security Platform works normally. |
|
34 |
Upgrade SSM firmware to be aligned to Chassis B firmware. |
|
Step |
Operation |
Command |
35 |
Manually fail over from Chassis B to Chassis A. Chassis B is now the Standby Chassis. |
|
36 |
Set Chassis B to administratively UP state. |
|
Step |
Operation |
Command |
37 |
Run post-upgrade tests to make sure traffic flows normally on Chassis A and that the system works normally. |
|