In a migration and upgrade scenario, you perform the procedure on the source Security Management Server and the different target Security Management Server.
Notes:
Important - Before you upgrade a Security Management Server:
Step |
Description |
---|---|
1 |
|
2 |
See the Upgrade Options and Prerequisites. |
3 |
In R80 and above, examine the SmartConsole sessions:
|
4 |
You must close all GUI clients (SmartConsole applications) connected to the source Security Management Server. |
5 |
Install the latest version of the CPUSE from sk92449. Note - The default CPUSE does not support the required Upgrade Tools package. |
Workflow:
Step 1 of 13: Get the required Upgrade Tools on the R80.20.M1 Security Management Server
Step |
Description |
---|---|
1 |
Download the required Upgrade Tools from sk135172. Note - This is a CPUSE Offline package. |
2 |
Install the required Upgrade Tools with CPUSE. See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation. |
3 |
Make sure the package is installed. Run this command in the Expert mode:
The output must show the same build number you see in the name of the downloaded package. Example: Name of the downloaded package:
|
Note - The command
from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet. This is to make sure you always have the latest version of these Upgrade Tools installed. If the connection to Check Point Cloud fails, this message appears:migrate_server
"
"Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
Step 2 of 13: On the R80.20.M1 Security Management Server, run the Pre-Upgrade Verifier and export the management database
Step |
Description |
---|---|
1 |
Connect to the command line on the current Security Management Server. |
2 |
Log in to the Expert mode. |
3 |
Run the Pre-Upgrade Verifier.
|
4 |
Read the Pre-Upgrade Verifier output. If you need to fix errors:
|
5 |
Go to the
|
6 |
Export the management database:
Syntax options:
|
7 |
Calculate the MD5 for the exported database files:
|
8 |
Transfer the exported databases from the current Security Management Server to an external storage:
Note - Make sure to transfer the file in the binary mode. |
Step 3 of 13: Install a new R80.20 Security Management Server
Perform a clean install of the R80.20 Security Management Server on another computer (do not perform initial configuration in SmartConsole).
Important - These options are available:
If in the future you need to have a different IP address on the R80.20 Security Management Server, you can change it.
For applicable procedures, see sk40993 and sk65451.
Note that you have to issue licenses for the new IP address.
Note that you have to issue licenses for the new IP address.
You must install the new licenses only after you import the databases.
Step 4 of 13: Get the required Upgrade Tools on the new R80.20 Security Management Server
Step |
Description |
---|---|
1 |
Download the required Upgrade Tools from sk135172. Note - This is a CPUSE Offline package. |
2 |
Install the required Upgrade Tools with CPUSE. See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation. |
3 |
Make sure the package is installed. Run this command in the Expert mode:
The output must show the same build number you see in the name of the downloaded package. Example: Name of the downloaded package:
|
Note - The command
from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet. This is to make sure you always have the latest version of these Upgrade Tools installed. If the connection to Check Point Cloud fails, this message appears:migrate_server
"
"Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
Step 5 of 13: On the R80.20 Security Management Server, import the databases
Step |
Description |
---|---|
1 |
Connect to the command line on the R80.20 Security Management Server. |
2 |
Log in to the Expert mode. |
3 |
Make sure a valid license is installed:
If it is not already installed, then install a valid license now. |
4 |
Transfer the exported databases from an external storage to the R80.20 Security Management Server, to some directory. Note - Make sure to transfer the files in the binary mode. |
5 |
Make sure the transferred files are not corrupted. Calculate the MD5 for the transferred files and compare them to the MD5 that you calculated on the original Security Management Server:
|
6 |
Go to the
|
7 |
Import the management database:
Note - The Syntax options:
|
Step 6 of 13: Install the R80.20 SmartConsole
Step 7 of 13: Install the new licenses, if the R80.20 Security Management Server has a different IP address than the source Security Management Server
If the IP addresses of the source and target Security Management Servers are different, follow these steps:
Step |
Description |
---|---|
1 |
Issue licenses for the new IP address in your Check Point User Center account. |
2 |
Install the new licenses on the R80.20 Security Management Server. You can do this either in the CLI with the |
3 |
Wait for a couple of minutes for the Security Management Server to detect the new licenses. Alternatively, restart Check Point services:
|
Step 8 of 13: Upgrade the dedicated Log Servers and dedicated SmartEvent Servers
If your Security Management Server manages dedicated Log Servers or SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Security Management Server.
See Upgrading a Management Server or Log Server from R80.20.M1.
Step 9 of 13: Install the management database
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the R80.20 Security Management Server. |
2 |
In the top left corner, click Menu > Install database. |
3 |
Select all objects. |
4 |
Click Install. |
5 |
Click OK. |
Step 10 of 13: Install the Event Policy
This step applies only if the SmartEvent Correlation Unit Software Blade is enabled on the R80.20 Security Management Server.
Step |
Description |
---|---|
1 |
Connect with the SmartConsole to the R80.20 Security Management Server. |
2 |
In the SmartConsole, from the left navigation panel, click Logs & Monitor. |
3 |
At the top, click + to open a new tab. |
4 |
In the bottom left corner, in the External Apps section, click SmartEvent Settings & Policy. The Legacy SmartEvent client opens. |
5 |
In the top left corner, click Menu > Actions > Install Event Policy. |
6 |
Confirm. |
7 |
Wait for these messages to appear:
|
8 |
Click Close. |
9 |
Close the Legacy SmartEvent client. |
Step 11 of 13: Test the functionality
Step |
Description |
---|---|
1 |
Connect with the SmartConsole to the R80.20 Security Management Server. |
2 |
Make sure the management database and configuration were upgraded correctly. |
Step 12 of 13: Disconnect the old R80.20.M1 Security Management Server from the network
Step 13 of 13: Connect the new R80.20 Security Management Server to the network