Upgrading Multi-Domain Servers in High Availability from R80.20.M1 with CPUSE

In a CPUSE upgrade scenario, you perform the upgrade procedure on the same Multi-Domain Servers.

Note - This procedure is supported only for Multi-Domain Servers that run R80.20.M1.

Important - Before you upgrade:

Step	Description
1	Back up your current configuration.
2	See the Upgrade Options and Prerequisites.
3	In R80 and above, examine the SmartConsole sessions: Connect with the SmartConsole to each Domain Management Server. From the left navigation panel, click Manage & Settings > Sessions > View Sessions. You must publish or discard all sessions, for which the Changes column shows a number greater than zero. Right-click on such session and select Publish or Discard.
4	You must close all GUI clients (SmartConsole applications) connected to the source Multi-Domain Servers.
5	Install the latest version of the CPUSE from sk92449. Note - The default CPUSE does not support the required Upgrade Tools package.

Workflow:

If the Primary Multi-Domain Server is not available, promote the Secondary Multi-Domain Server to be the Primary
Get the required Upgrade Tools on the Primary R80.20.M1 Multi-Domain Server
Upgrade the Primary R80.20.M1 Multi-Domain Server with CPUSE
On the Primary R80.20 Multi-Domain Server, upgrade the attributes of all managed objects in all Domain Management Servers
Install the R80.20 SmartConsole
On the Primary R80.20 Multi-Domain Server, install the management database
Perform a clean install of the R80.20 on the Secondary Multi-Domain Server
Get the required Upgrade Tools on the Secondary R80.20 Multi-Domain Server
Upgrade the Multi-Domain Log Server, dedicated Log Servers, and dedicated SmartEvent Servers
Test the functionality

Step 1 of 10: If the Primary Multi-Domain Server is not available, promote the Secondary Multi-Domain Server to be the Primary

For instructions, see the R80.20 Multi-Domain Security Management Administration Guide - Chapter Working with High Availability - Section Failure Recovery - Subsection Promoting the Secondary Multi-Domain Server to Primary.

Step 2 of 10: Get the required Upgrade Tools on the Primary R80.20.M1 Multi-Domain Server

Step	Description
1	Download the required Upgrade Tools from sk135172. Note - This is a CPUSE Offline package.
2	Install the required Upgrade Tools with CPUSE. See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation.
3	Make sure the package is installed. Run this command in the Expert mode: `[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1` The output must show the same build number you see in the name of the downloaded package. Example: Name of the downloaded package: `ngm_upgrade_wrapper_992000043_1.tgz` `[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1` `992000043` `[Expert@MDS:0]#`

Step

Description

Download the required Upgrade Tools from sk135172.

Note - This is a CPUSE Offline package.

Install the required Upgrade Tools with CPUSE.

See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation.

Make sure the package is installed.

Run this command in the Expert mode:

[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1

The output must show the same build number you see in the name of the downloaded package.

Example:

Name of the downloaded package: ngm_upgrade_wrapper_992000043_1.tgz

[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1
992000043
[Expert@MDS:0]#

Note - The command migrate_server from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet. This is to make sure you always have the latest version of these Upgrade Tools installed. If the connection to Check Point Cloud fails, this message appears:
"Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172."

Step 3 of 10: Upgrade the Primary R80.20.M1 Multi-Domain Server with CPUSE

See Installing Software Packages on Gaia and follow the applicable action plan for the local installation.

Step 4 of 10: Install the R80.20 SmartConsole

See Installing SmartConsole.

Step 5 of 10: On the Primary R80.20 Multi-Domain Server, install the management database

Step	Description
1	Connect with SmartConsole to each Domain Management Server.
2	In the top left corner, click Menu > Install database.
3	Select all objects.
4	Click Install.
5	Click OK.

Step 6 of 10: Perform a clean install of the R80.20 on the Secondary Multi-Domain Server

Perform a clean install of the Secondary R80.20 Multi-Domain Server.

Important:

The IP addresses of the source and target Multi-Domain Servers must be the same. If you need to have a different IP address on the R80.20 Multi-Domain Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedure, see sk74020.

Step 7 of 10: Get the required Upgrade Tools on the Secondary R80.20 Multi-Domain Server

Note - This step is needed only to be able to export the management database (for backup purposes) with the latest Upgrade Tools.

Step	Description
1	Download the required Upgrade Tools from sk135172. Note - This is a CPUSE Offline package.
2	Install the required Upgrade Tools with CPUSE. See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation.
3	Make sure the package is installed. Run this command in the Expert mode: `[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1` The output must show the same build number you see in the name of the downloaded package. Example: Name of the downloaded package: `ngm_upgrade_wrapper_992000043_1.tgz` `[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1` `992000043` `[Expert@MDS:0]#`

Step

Description

Download the required Upgrade Tools from sk135172.

Note - This is a CPUSE Offline package.

Install the required Upgrade Tools with CPUSE.

See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation.

Make sure the package is installed.

Run this command in the Expert mode:

[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1

The output must show the same build number you see in the name of the downloaded package.

Example:

Name of the downloaded package: ngm_upgrade_wrapper_992000043_1.tgz

[Expert@MDS:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.20 BuildNumber 1
992000043
[Expert@MDS:0]#

Step 8 of 10: Upgrade the Multi-Domain Log Server, dedicated Log Servers, and dedicated SmartEvent Servers

If your Multi-Domain Servers manage Multi-Domain Log Servers, dedicated Log Servers, or dedicated SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Multi-Domain Servers:

For Multi-Domain Log Servers - Upgrade of a Multi-Domain Log Server from R80.20.M1 is not supported. You must perform a clean install of R80.20 Multi-Domain Log Server.
For Log Servers and SmartEvent Servers - see Upgrading a Management Server or Log Server from R80.20.M1.

Step 9 of 10: On every Multi-Domain Server with Active Domain Management Servers, upgrade the attributes of all managed objects in all Domain Management Servers

Step	Description
1	Connect to the command line on the R80.20 Multi-Domain Server.
2	Log in with the superuser credentials.
3	Log in to the Expert mode.
4	Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "`down`" (the "`pnd`" state is acceptable): `[Expert@MDS:0]# mdsstat` If some of the required daemons on a Domain Management Server are in the state "`down`", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands: `[Expert@MDS:0]# mdsstop_customer <`IP Address or Name of Domain Management Server`>` `[Expert@MDS:0]# mdsstart_customer <`IP Address or Name of Domain Management Server`>` `[Expert@MDS:0]# mdsstat`
5	Go to the main MDS context: `[Expert@MDS:0]# mdsenv`
6	Upgrade the attributes of all managed objects in all Domain Management Servers at once: `[Expert@MDS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL` Notes: Because the command prompts you for a '`yes/no`' for each Domain and each object in the Domain, you can explicitly provide the '`yes`' answer to all questions with this command: `[Expert@MDS:0]# yes \| $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL` You can perform this action on one Multi-Domain Server at a time with this command: `[Expert@MDS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL -n <`Name of Multi-Domain Server`>`
7	Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "`down`" (the "`pnd`" state is acceptable): `[Expert@MDS:0]# mdsstat` If some of the required daemons on a Domain Management Server are in the state "`down`", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands: `[Expert@MDS:0]# mdsstop_customer <`IP Address or Name of Domain Management Server`>` `[Expert@MDS:0]# mdsstart_customer <`IP Address or Name of Domain Management Server`>` `[Expert@MDS:0]# mdsstat`

Step 10 of 10: Test the functionality

Step	Description
1	Connect with the SmartConsole to the Primary R80.20 Multi-Domain Server.
2	Make sure the management database and configuration were upgraded correctly.
3	Test the Management High Availability functionality.