|
|
|
In This Section: |
Before you upgrade:
If you use Mobile Access Software Blade and you edited the configurations, review the edits before you upgrade to R77!
Data |
Path |
|---|---|
Gateway Configurations |
$CVPNDIR/conf/cvpnd.C |
Apache Configuration Files |
$CVPNDIR/conf/httpd.conf |
$CVPNDIR/conf/includes/* |
|
Local certificate authorities |
$CVPNDIR/var/ssl/ca-bundle/ |
DynamicID (SMS OTP) Local Phone List |
$CVPNDIR/conf/SmsPhones.lst |
RSA configuration |
/var/ace/sdconf.rec |
Any PHP files that were edited |
|
Any image file that was replaced (*.gif, *.jpg) |
|
Do not overwrite the R77 files with your customized files!
A valid Service Contract is required for all upgrades. The installation procedure makes sure that a service contract is in force before continuing with installation.
Before you upgrade appliances or computers, get the upgrade tools. There is a different package of tools for each source platform. After installation, you can find the upgrade tools in the installation directory.
$FWDIR/bin/upgrade_toolsFWDIR%/bin/upgrade_toolsTo make sure you have the latest version of the upgrade tools, you can download the appropriate package from the Check Point Support site.
When you open the upgrade_tools package, you see these files:
Package |
Description |
|---|---|
migrate.conf |
Holds configuration settings for Advanced Upgrade / Database Migration. |
migrate |
Runs Advanced Upgrade or migration. |
pre_upgrade_verifier.exe |
Analyzes compatibility of the currently installed configuration with the upgrade version. It gives a report on the actions to take before and after the upgrade. |
migrate export |
Backs up all Check Point configurations, without operating system information. |
migrate import |
Restores backed up configuration. |
The Pre-upgrade Verifier runs automatically during the upgrade process. You can also run it manually with this command.
Syntax:
|
Parameters:
Parameter |
Description |
|---|---|
-p |
Path of the installed Security Management Server (FWDIR) |
-c |
Currently installed version |
-t |
Target version |
-f |
Output report to this file |
-w |
Output report to a web format file |
If you encounter unforeseen obstacles during the upgrade process, consult the Support Center or contact your Reseller.
Before upgrading a gateway or Security Management Server to R77, you need to have a valid support contract that includes software upgrade and major releases registered to your Check Point User Center account. The Security Management Server stores the contract file and downloads it to Security Gateways during the upgrade. By verifying your status with the User Center, the contract file enables you to easily remain compliant with current Check Point licensing standards.
As in all upgrade procedures, first upgrade your Security Management Server or Multi-Domain Server before upgrading the Gateways. Once the management has been successfully upgraded and contains a contract file, the contract file is transferred to a gateway when the gateway is upgraded (the contract file is retrieved from the management).
Note - Multiple user accounts at the User Center are supported.
When you upgrade a Management Server, the upgrade process checks to see whether a Contract File is already present on the v. If not, you get the main options for getting a contract. You can download a Contract File or import it.
If the Contract File does not cover the Management Server, a message informs you that the Management Server is not eligible for upgrade. The absence of a valid Contract File does not prevent upgrade. You can download a valid Contract File later in SmartUpdate.
If you have Internet access and a valid user account, download a Contract File directly from your User Center account. If you choose to download the contract information from the User Center, you are prompted to enter your:
If the Management Server does not have Internet access:
Select this option if you intend to get and install a valid Contract File at a later date. Note that at this point your Security Gateways are not strictly eligible for an upgrade; you may be in violation of your Check Point Licensing Agreement, as shown in the final message of the upgrade process.
After you accept the End User License Agreement (EULA), the upgrade process searches for a valid contract on the gateway. If a valid contract is not located, the upgrade process attempts to retrieve the latest contract file from the Security Management Server. If not found, you can download or import a contract.
If the contract file does not cover the gateway, a message informs you (on Download or Import) that the gateway is not eligible for upgrade. The absence of a valid contract file does not prevent upgrade. When the upgrade is complete, contact your local support provider to obtain a valid contract. Use SmartUpdate to install the contract file.
Use the download or import instructions for installing a contract file on a Security Management Server.
If you continue without a contract, you install a valid contract file later. But the gateway is not eligible for upgrade. You may be in violation of your Check Point Licensing Agreement, as shown in the final message of the upgrade process. Contact your reseller.