Upgrading a Multi-Domain Log Server from R80.10 and lower with Migration

In a migration and upgrade scenario, you perform the procedure on the source Multi-Domain Log Server and the different target Multi-Domain Log Server.

Note - Upgrade of a Multi-Domain Log Server from R80.20.M1 is not supported. You must perform a clean install of R80.20 Multi-Domain Log Server.

Important - Before you upgrade a Multi-Domain Log Server:

Step	Description
1	Back up your current configuration.
2	See the Upgrade Options and Prerequisites.
3	You must upgrade your Multi-Domain Servers.
4	You must close all GUI clients (SmartConsole applications) connected to the source Multi-Domain Log Server.

Workflow:

Get the R80.20 installation image
On the current Multi-Domain Log Server, run the Pre-Upgrade Verifier and export the entire management database
Install a new R80.20 Multi-Domain Log Server
On the new R80.20 Multi-Domain Log Server, import the entire management database
Install the management database
On the new R80.20 Multi-Domain Log Server, upgrade the attributes of all managed objects in all Domain Log Servers
Test the functionality on R80.20 Multi-Domain Log Server
Test the functionality on R80.20 Multi-Domain Server
Disconnect the old Multi-Domain Log Server from the network
Connect the new Multi-Domain Log Server to the network

Step 1 of 10: Get the R80.20 installation image

Step	Description
1	Download the R80.20 Clean Install ISO file from the R80.20 Home Page SK.
2	Transfer the R80.20 ISO file to the current Multi-Domain Server to some directory (for example, `/var/log/path_to_iso/`). Note - Make sure to transfer the file in the binary mode.

Step

Description

Download the R80.20 Clean Install ISO file from the R80.20 Home Page SK.

Transfer the R80.20 ISO file to the current Multi-Domain Server to some directory (for example, /var/log/path_to_iso/).

Note - Make sure to transfer the file in the binary mode.

Step 2 of 10: On the current Multi-Domain Log Server, run the Pre-Upgrade Verifier and export the entire management database

Step	Description
1	Connect to the command line on the current Multi-Domain Log Server.
2	Log in with the superuser credentials.
3	Log in to the Expert mode.
4	Stop all Check Point services: `[Expert@MDLS:0]# mdsstop`
5	Go to the main MDS context: `[Expert@MDLS:0]# mdsenv`
6	Mount the R80.20 ISO file: `[Expert@MDLS:0]# mount -o loop /var/log/path_to_iso/<R80.20_Gaia>.iso /mnt/cdrom`
7	Go to the installation folder in the ISO: `[Expert@MDLS:0]# cd /mnt/cdrom/linux/p1_install/`
8	Run the installation script: `[Expert@MDLS:0]# ./mds_setup` This menu shows: `(1) Run Pre-upgrade verification only [recommended before upgrade]` `(2) Backup current Multi-Domain Server` `(3) Export current Multi-Domain Server` `Or 'Q' to quit.`
9	Enter 1 to run the Pre-upgrade verification. Note - The Pre-Upgrade Verifier analyzes compatibility of the currently installed configuration with the version, to which you upgrade. A detailed report shows the steps to do before and after the upgrade.
10	Read the Pre-Upgrade Verifier output. If you need to fix errors: Start all Check Point services: `[Expert@MDLS:0]# mdsstart` Follow the instructions in the report. In a Management High Availability environment R77.30 and lower, if you made changes, synchronize the Domain Management Servers immediately after these changes (in R80 and above, this synchronization occurs automatically). Stop all Check Point services again: `[Expert@MDLS:0]# mdsstop` Run the installation script again: `[Expert@MDLS:0]# ./mds_setup` This menu shows: `(1) Run Pre-upgrade verification only [recommended before upgrade]` `(2) Backup current Multi-Domain Server` `(3) Export current Multi-Domain Server` `Or 'Q' to quit.`
11	Enter 3 to export the current Multi-Domain Log Server configuration.
12	Answer the interactive questions: `Would you like to proceed with the export now [yes/no] ?` yes `Please enter target directory for your Multi-Domain Server export (or 'Q' to quit):` /var/log `Do you plan to import to a version newer than R80.20 [yes/no] ?` no `Using migrate_tools from disk.` `Do you wish to export the log database [yes/no] ?` yes (or no) Note - If you enter no in the question "`Do you wish to export the log database`", the configuration is still exported.
13	Make sure the export file is created in the specified directory: `[Expert@MDLS:0]# ls -l /var/log/exported_mds.<`DDMMYYYY-HHMMSS`>.tgz`
14	Calculate the MD5 for the exported file: `[Expert@MDLS:0]# md5sum /var/log/exported_mds.<`DDMMYYYY-HHMMSS`>.tgz`
15	Transfer the exported database from the current Multi-Domain Log Server to an external storage: `/var/log/exported_mds.<`DDMMYYYY-HHMMSS`>.tgz` Note - Make sure to transfer the file in the binary mode.

Step 3 of 10: Install a new R80.20 Multi-Domain Log Server

Perform a clean install of the R80.20 Multi-Domain Log Server on another computer (do not perform initial configuration in SmartConsole).

Important:

The IP addresses of the source and target R80.20 Multi-Domain Log Servers must be the same. If you need to have a different IP address on the R80.20 Multi-Domain Log Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedure, see sk74020.

Step 4 of 10: On the new R80.20 Multi-Domain Log Server, import the entire management database

Step	Description
1	Connect to the command line on the R80.20 Multi-Domain Log Server.
2	Log in with the superuser credentials.
3	Log in to the Expert mode.
4	Make sure a valid license is installed: `mdsenv` `cplic print` If it is not already installed, then install a valid license now.
5	Transfer the exported database from an external storage to the R80.20 Multi-Domain Log Server, to some directory. Note - Make sure to transfer the file in the binary mode.
6	Make sure the transferred file is not corrupted. Calculate the MD5 for the transferred file and compare it to the MD5 that you calculated on the original Multi-Domain Log Server: `[Expert@MDLS:0]# md5sum /<`Full Path`>/exported_mds.<`DDMMYYYY-HHMMSS`>.tgz`
7	Import the configuration: `[Expert@MDLS:0]# yes \| nohup $MDSDIR/scripts/mds_import.sh /<`Full Path`>/exported_mds.<`DDMMYYYY-HHMMSS`>.tgz` & Note: `yes \| nohup ... &` - are mandatory parts of the syntax.
8	Make sure that on all Domain Log Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "`down`" (the "`pnd`" state is acceptable): `[Expert@MDLS:0]# mdsstat` If some of the required daemons on a Domain Log Server are in the state "`down`", wait for 5-10 minutes, restart that Domain Log Server and check again. Run these three commands: `[Expert@MDLS:0]# mdsstop_customer <`IP Address or Name of Domain Log Server`>` `[Expert@MDLS:0]# mdsstart_customer <`IP Address or Name of Domain Log Server`>` `[Expert@MDLS:0]# mdsstat`

Step 5 of 10: Install the management database

Step	Description
1	Connect with SmartConsole to each R80.20 Domain Management Server that manages the Domain Log Server.
2	In the top left corner, click Menu > Install database.
3	Select all objects.
4	Click Install.
5	Click OK.

Step 6 of 10: On the new R80.20 Multi-Domain Log Server, upgrade the attributes of all managed objects in all Domain Log Servers

Step	Description
1	Connect to the command line on the R80.20 Multi-Domain Log Server.
2	Log in with the superuser credentials.
3	Log in to the Expert mode.
4	Make sure that on all Domain Log Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "`down`" (the "`pnd`" state is acceptable): `[Expert@MDLS:0]# mdsstat` If some of the required daemons on a Domain Log Server are in the state "`down`", wait for 5-10 minutes, restart that Domain Log Server and check again. Run these three commands: `[Expert@MDLS:0]# mdsstop_customer <`IP Address or Name of Domain Log Server`>` `[Expert@MDLS:0]# mdsstart_customer <`IP Address or Name of Domain Log Server`>` `[Expert@MDLS:0]# mdsstat`
5	Go to the main MDS context: `[Expert@MDLS:0]# mdsenv`
6	Upgrade the attributes of all managed objects in all Domain Log Servers at once: `[Expert@MDLS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL` Notes: Because the command prompts you for a '`yes/no`' for each Domain and each object in the Domain, you can explicitly provide the '`yes`' answer to all questions with this command: `[Expert@MDLS:0]# yes \| $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL` You can perform this action on one Multi-Domain Log Server at a time with this command: `[Expert@MDLS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL -n <`Name of Multi-Domain Log Server`>`
7	Allow the database synchronization to run: `[Expert@MDLS:0]# $CPDIR/bin/cpprod_util CPPROD_SetValue "FW1/6.0" AfterUpgradeDbsyncIndication 1 1 0` Restart the Check Point services: `[Expert@MDLS:0]# mdsstop` `[Expert@MDLS:0]# mdsstart` For more information, see sk121718.
8	Make sure that on all Domain Log Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "`down`" (the "`pnd`" state is acceptable): `[Expert@MDLS:0]# mdsstat` If some of the required daemons on a Domain Log Server are in the state "`down`", wait for 5-10 minutes, restart that Domain Log Server and check again. Run these three commands: `[Expert@MDLS:0]# mdsstop_customer <`IP Address or Name of Domain Log Server`>` `[Expert@MDLS:0]# mdsstart_customer <`IP Address or Name of Domain Log Server`>` `[Expert@MDLS:0]# mdsstat`

Step 7 of 10: Test the functionality on R80.20 Multi-Domain Log Server

Step	Description
1	Connect with the SmartConsole to the R80.20 Multi-Domain Log Server.
2	Make sure the configuration was upgraded correctly and it works as expected.

Step 8 of 10: Test the functionality on R80.20 Multi-Domain Server

Step	Description
1	Connect with the SmartConsole to the R80.20 Multi-Domain Server.
2	Make sure the logging works as expected.

Step 9 of 10: Disconnect the old Multi-Domain Log Server from the network

Step 10 of 10: Connect the new Multi-Domain Log Server to the network