Minimal Effort Upgrade of a Security Gateway Cluster

Important:

Load Sharing modes are only supported with the required R80.20 Jumbo Hotfix Accumulator. For instructions, see sk162637.
To upgrade a ClusterXL that works in a Load Sharing mode from a lower version to R80.20, follow these steps in the same maintenance window:
1. Upgrade the ClusterXL to R80.20.
2. Install the required R80.20 Jumbo Hotfix Accumulator. For instructions, see sk162637.

Important - Before you upgrade a cluster:

Step	Description
1	Back up your current configuration.
2	See the Upgrade Options and Prerequisites.
3	See the Planning a Cluster Upgrade.
4	Upgrade the Management Server and Log Servers to R80.20 version.
5	Schedule a full maintenance window to make sure you can make all the desired custom configurations again after the upgrade.

Workflow:

On each Cluster Member - Upgrade to R80.20 with CPUSE, or perform a Clean Install of R80.20
In SmartConsole - Change the version of the cluster object
In SmartConsole - Install the Policy
On each Cluster Member - Examine the cluster state
Test the functionality

Step 1 of 5: On each Cluster Member - Upgrade to R80.20 with CPUSE, or perform a Clean Install of R80.20

Installation Method	Instructions
Upgrade to R80.20 with CPUSE	See Installing Software Packages on Gaia. Follow the applicable action plan for the local or central installation. Select the R80.20 package and perform Upgrade.
Clean Install of R80.20 with CPUSE	See Installing Software Packages on Gaia. Follow the applicable action plan for the local or central installation. Select the R80.20 package and perform Clean Install.
Clean Install of R80.20 from scratch	See Installing a ClusterXL Cluster, or Installing a VRRP Cluster. In the Gaia First Time Configuration Wizard, for the Management Connection IP address, you must use the same IP address as was used by the previous Cluster Member (prior to the upgrade).

Installation Method

Instructions

Upgrade to R80.20 with CPUSE

See Installing Software Packages on Gaia.

Follow the applicable action plan for the local or central installation.

Select the R80.20 package and perform Upgrade.

Clean Install of R80.20 with CPUSE

See Installing Software Packages on Gaia.

Follow the applicable action plan for the local or central installation.

Select the R80.20 package and perform Clean Install.

Clean Install of R80.20 from scratch

See Installing a ClusterXL Cluster, or Installing a VRRP Cluster.

In the Gaia First Time Configuration Wizard, for the Management Connection IP address, you must use the same IP address as was used by the previous Cluster Member (prior to the upgrade).

Note - You must reboot the Cluster Member after the upgrade or clean install.

Step 2 of 5: In SmartConsole - Change the version of the cluster object

Step	Description
1	Connect with SmartConsole to the R80.20 Security Management Server or Domain Management Server that manages this cluster.
2	From the left navigation panel, click Gateways & Servers.
3	Open the Cluster object.
4	From the left navigation tree, click the General Properties page.
5	In the Platform section > Version field, select R80.20.
6	If you performed a Clean Install of R80.20 on the Cluster Member, then establish the Secure Internal Communication (SIC) between the Management Server and this Cluster Member: From the left tree, click Cluster Members. Select the Cluster Member object. Click Edit. On the General tab, click the Communication button. Click Reset. In the One-time password field, enter the same Activation Key you entered during the First Time Configuration Wizard of the Cluster Member. In the Confirm one-time password field, enter the same Activation Key again. Click Initialize. The Trust state field must shows Trust established. Click Close to close the Communication window. Click OK to close the Cluster Member Properties window.
7	Click OK to close the Gateway Cluster Properties window.

Step 3 of 5: In SmartConsole - Install the Policy

Step	Description
1	Connect with SmartConsole to the R80.20 Security Management Server or Domain Management Server that manages this Security Gateway.
2	From the left navigation panel, click Gateways & Servers.
3	Install the Access Control Policy: Click Install Policy. In the Policy field, select the applicable Access Control Policy. Click Install. The Access Control Policy must install successfully.
4	Install the Threat Prevention Policy: Click Install Policy. In the Policy field, select the applicable Threat Prevention Policy. Click Install. The Threat Prevention Policy must install successfully.

Step 4 of 5: On each Cluster Member - Examine the cluster state

Step	Description
1	Connect to the command line on each Cluster Member.
2	Examine the cluster state in one of these ways: In Gaia Clish, run: `show cluster state` In Expert mode, run: `cphaprob state` Note - Cluster states of the Cluster Members are: one is Active, others are Standby.

Step

Description

Connect to the command line on each Cluster Member.

Examine the cluster state in one of these ways:

In Gaia Clish, run:
show cluster state
In Expert mode, run:
cphaprob state

Note - Cluster states of the Cluster Members are: one is Active, others are Standby.

Step 5 of 5: Test the functionality

Step	Description
1	Connect with SmartConsole to the R80.20 Security Management Server or Domain Management Server that manages this cluster.
2	From the left navigation panel, click Logs & Monitor > Logs.
3	Examine the logs from this Cluster to make sure it inspects the traffic as expected.

For more information:

See the R80.20 ClusterXL Administration Guide.