In a migration and upgrade scenario, you perform the procedure on the source Security Management Server and the different target Security Management Server.
Notes:
Important - Before you upgrade a Security Management Server:
Step |
Description |
---|---|
1 |
|
2 |
See the Upgrade Options and Prerequisites. |
3 |
In R80 and above, examine the SmartConsole sessions:
|
4 |
You must close all GUI clients (SmartConsole applications) connected to the source Security Management Server. |
Workflow:
Step 1 of 11: Get the R80.20 Management Server Migration Tool
Step |
Description |
---|---|
1 |
Download the R80.20 Management Server Migration Tool from the R80.20 Home Page SK. |
2 |
Transfer the R80.20 Management Server Migration Tool package to the current Security Management Server to some directory (for example, Note - Make sure to transfer the file in the binary mode. |
Step 2 of 11: On the current Security Management Server, run the Pre-Upgrade Verifier and export the management database
Step |
Description |
---|---|
1 |
Connect to the command line on the current Security Management Server. |
2 |
Log in to the Expert mode. |
3 |
Go to the directory, where you put the R80.20 Management Server Migration Tool package:
|
4 |
Extract the R80.20 Management Server Migration Tool package:
|
5 |
Important - This step applies only when you upgrade from R77.30 (or lower). Run the Pre-Upgrade Verifier (PUV).
|
6 |
Export the management database:
Notes:
|
7 |
This step applies only to R7x and R80 versions. If SmartEvent Software Blade is enabled, then export the Events database. See sk110173. |
8 |
Calculate the MD5 for the exported database files:
|
9 |
Transfer the exported databases from the current Security Management Server to an external storage:
Note - Make sure to transfer the file in the binary mode. |
Step 3 of 11: Install a new R80.20 Security Management Server
Perform a clean install of the R80.20 Security Management Server on another computer (do not perform initial configuration in SmartConsole).
Important:
The IP addresses of the source and target R80.20 Security Management Servers must be the same. If you need to have a different IP address on the R80.20 Security Management Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451.
Step 4 of 11: On the R80.20 Security Management Server, import the databases
Step |
Description |
---|---|
1 |
Connect to the command line on the R80.20 Security Management Server. |
2 |
Log in to the Expert mode. |
3 |
Make sure a valid license is installed:
If it is not already installed, then install a valid license now. |
4 |
Transfer the exported databases from an external storage to the R80.20 Security Management Server, to some directory. Note - Make sure to transfer the files in the binary mode. |
5 |
Make sure the transferred files are not corrupted. Calculate the MD5 for the transferred files and compare them to the MD5 that you calculated on the original Security Management Server:
|
6 |
Go to the
|
7 |
Import the management database:
Notes:
|
|
If you upgrade from R80 (or higher) version, and the IP addresses of the source and target Security Management Servers are different:
If you upgrade from R77.30 (or lower) version to R80.20, then the IP addresses of the source and target Security Management Servers must be the same.
|
8 |
This step applies only if you upgraded from R7x and R80 versions. If SmartEvent Software Blade is enabled, then import the Events database. See sk110173. |
9 |
Restart the Check Point services:
|
Step 5 of 11: Install the R80.20 SmartConsole
Step 6 of 11: Upgrade the dedicated Log Servers and dedicated SmartEvent Servers
If your Security Management Server manages dedicated Log Servers or SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Security Management Server:
Step 7 of 11: Install the management database
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the R80.20 Security Management Server. |
2 |
In the top left corner, click Menu > Install database. |
3 |
Select all objects. |
4 |
Click Install. |
5 |
Click OK. |
Step 8 of 11: Install the Event Policy
This step applies only if the SmartEvent Correlation Unit Software Blade is enabled on the R80.20 Security Management Server.
Step |
Description |
---|---|
1 |
Connect with the SmartConsole to the R80.20 Security Management Server. |
2 |
In the SmartConsole, from the left navigation panel, click Logs & Monitor. |
3 |
At the top, click + to open a new tab. |
4 |
In the bottom left corner, in the External Apps section, click SmartEvent Settings & Policy. The Legacy SmartEvent client opens. |
5 |
In the top left corner, click Menu > Actions > Install Event Policy. |
6 |
Confirm. |
7 |
Wait for these messages to appear:
|
8 |
Click Close. |
9 |
Close the Legacy SmartEvent client. |
Step 9 of 11: Test the functionality
Step |
Description |
---|---|
1 |
Connect with the SmartConsole to the R80.20 Security Management Server. |
2 |
Make sure the management database and configuration were upgraded correctly. |
Step 10 of 11: Disconnect the old Security Management Server from the network
Step 11 of 11: Connect the new Security Management Server to the network