In a CPUSE upgrade scenario, you perform the upgrade procedure on the same Multi-Domain Servers.
Note - This procedure is supported only for Multi-Domain Servers that run R80.20.M1.
Important - Before you upgrade:
Step |
Description |
---|---|
1 |
|
2 |
See the Upgrade Options and Prerequisites. |
3 |
In R80 and above, examine the SmartConsole sessions:
|
4 |
You must close all GUI clients (SmartConsole applications) connected to the source Multi-Domain Servers. |
5 |
Install the latest version of the CPUSE from sk92449. Note - The default CPUSE does not support the required Upgrade Tools package. |
Workflow:
Step 1 of 10: If the Primary Multi-Domain Server is not available, promote the Secondary Multi-Domain Server to be the Primary
For instructions, see the R80.20 Multi-Domain Security Management Administration Guide - Chapter Working with High Availability - Section Failure Recovery - Subsection Promoting the Secondary Multi-Domain Server to Primary.
Step 2 of 10: Get the required Upgrade Tools on the Primary R80.20.M1 Multi-Domain Server
Step |
Description |
---|---|
1 |
Download the required Upgrade Tools from sk135172. Note - This is a CPUSE Offline package. |
2 |
Install the required Upgrade Tools with CPUSE. See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation. |
3 |
Make sure the package is installed. Run this command in the Expert mode:
The output must show the same build number you see in the name of the downloaded package. Example: Name of the downloaded package:
|
Note - The command
from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet. This is to make sure you always have the latest version of these Upgrade Tools installed. If the connection to Check Point Cloud fails, this message appears:migrate_server
"
"Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
Step 3 of 10: Upgrade the Primary R80.20.M1 Multi-Domain Server with CPUSE
See Installing Software Packages on Gaia and follow the applicable action plan for the local installation.
Step 4 of 10: Install the R80.20 SmartConsole
Step 5 of 10: On the Primary R80.20 Multi-Domain Server, install the management database
Step |
Description |
---|---|
1 |
Connect with SmartConsole to each Domain Management Server. |
2 |
In the top left corner, click Menu > Install database. |
3 |
Select all objects. |
4 |
Click Install. |
5 |
Click OK. |
Step 6 of 10: Perform a clean install of the R80.20 on the Secondary Multi-Domain Server
Perform a clean install of the Secondary R80.20 Multi-Domain Server.
Important:
The IP addresses of the source and target Multi-Domain Servers must be the same. If you need to have a different IP address on the R80.20 Multi-Domain Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedure, see sk74020.
Step 7 of 10: Get the required Upgrade Tools on the Secondary R80.20 Multi-Domain Server
Note - This step is needed only to be able to export the management database (for backup purposes) with the latest Upgrade Tools.
Step |
Description |
---|---|
1 |
Download the required Upgrade Tools from sk135172. Note - This is a CPUSE Offline package. |
2 |
Install the required Upgrade Tools with CPUSE. See Installing Software Packages on Gaia and follow the applicable action plan for the local offline installation. |
3 |
Make sure the package is installed. Run this command in the Expert mode:
The output must show the same build number you see in the name of the downloaded package. Example: Name of the downloaded package:
|
Note - The command
from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet. This is to make sure you always have the latest version of these Upgrade Tools installed. If the connection to Check Point Cloud fails, this message appears:migrate_server
"
"Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
Step 8 of 10: Upgrade the Multi-Domain Log Server, dedicated Log Servers, and dedicated SmartEvent Servers
If your Multi-Domain Servers manage Multi-Domain Log Servers, dedicated Log Servers, or dedicated SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Multi-Domain Servers:
Step 9 of 10: On every Multi-Domain Server with Active Domain Management Servers, upgrade the attributes of all managed objects in all Domain Management Servers
Step |
Description |
---|---|
1 |
Connect to the command line on the R80.20 Multi-Domain Server. |
2 |
Log in with the superuser credentials. |
3 |
Log in to the Expert mode. |
4 |
Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "
If some of the required daemons on a Domain Management Server are in the state "
|
5 |
Go to the main MDS context:
|
6 |
Upgrade the attributes of all managed objects in all Domain Management Servers at once:
Notes:
|
7 |
Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "
If some of the required daemons on a Domain Management Server are in the state "
|
Step 10 of 10: Test the functionality
Step |
Description |
---|---|
1 |
Connect with the SmartConsole to the Primary R80.20 Multi-Domain Server. |
2 |
Make sure the management database and configuration were upgraded correctly. |
3 |
Test the Management High Availability functionality. |