Print Download PDF Send Feedback

Previous

Next

Upgrading a Dedicated Log Server, or Endpoint Policy Server from R80.20, R80.10, and lower with Advanced Upgrade

In an advanced upgrade scenario, you perform the upgrade procedure on the same Log Server or Endpoint Policy Server.

Notes:

Important - Before you upgrade a Log Server, or Endpoint Policy Server:

Step

Description

1

Back up your current configuration.

2

See the Upgrade Options and Prerequisites.

3

Before you upgrade a dedicated Log Server or Endpoint Policy Server, you must upgrade the applicable Management Server that manages it.

4

You must upgrade your Security Management Servers, Multi-Domain Servers, and Endpoint Security Management Servers.

5

You must close all GUI clients (SmartConsole applications) connected to the Log Server or Endpoint Policy Server.

Workflow:

  1. Get the R80.30 Management Server Migration Tool
  2. On the current Log Server, run the Pre-Upgrade Verifier and export the entire management database
  3. Get the R80.30 Log Server
  4. On the R80.30 Log Server, import the database
  5. Install the management database
  6. Install the Event Policy
  7. Test the functionality on R80.30 Log Server
  8. Test the functionality on R80.30 Management Server

Step 1 of 8: Get the R80.30 Management Server Migration Tool

Step

Description

1

Download the R80.30 Management Server Migration Tool from the R80.30 Home Page SK.

2

Transfer the R80.30 Management Server Migration Tool package to the current Log Server to some directory (for example, /var/log/path_to_migration_tool/).

Note - Make sure to transfer the file in the binary mode.

Step 2 of 8: On the current Log Server, run the Pre-Upgrade Verifier and export the entire management database

Step

Description

1

Connect to the command line on the current Log Server.

2

Log in to the Expert mode.

3

Go to the directory, where you put the R80.30 Management Server Migration Tool package:

[Expert@LogServer:0]# cd /var/log/path_to_migration_tool/

4

Extract the R80.30 Management Server Migration Tool package:

[Expert@LogServer:0]# tar zxvf <Name of Management Server Migration Tool Package>.tgz

5

Important - This step applies only when you upgrade from R77.30 (or lower).

Run the Pre-Upgrade Verifier (PUV).

  1. Run this command and use the applicable syntax based on the instructions on the screen:

    [Expert@MGMT:0]# ./pre_upgrade_verifier -h

  2. Read the Pre-Upgrade Verifier output.

    If you need to fix errors:

    i) Follow the instructions in the report.

    ii) Run the Pre-Upgrade Verifier again.

6

Export the management database:

[Expert@LogServer:0]# yes | nohup ./migrate export [-l | -x] [-n] /<Full Path>/<Name of Exported File> &

Notes:

  • yes | nohup ... & - are mandatory parts of the syntax.
  • See the R80.30 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate.

7

Calculate the MD5 for the exported database file:

[Expert@LogServer:0]# md5sum /<Full Path>/<Name of Database File>.tgz

8

Transfer the exported database from the current Log Server to an external storage:

/<Full Path>/<Name of Database File>.tgz

Note - Make sure to transfer the file in the binary mode.

Step 3 of 8: Get the R80.30 Log Server

Do not perform initial configuration in SmartConsole.

Current OS

Available options

Gaia

You can:

Operating System
other than Gaia

You must perform a clean install of the R80.30 Log Server

Important:

The IP addresses of the source and target R80.30 Log Servers must be the same. If you need to have a different IP address on the R80.30 Log Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451.

Step 4 of 8: On the R80.30 Log Server, import the database

Step

Description

1

Connect to the command line on the R80.30 Log Server.

2

Log in to the Expert mode.

3

Make sure a valid license is installed:

cplic print

If it is not already installed, then install a valid license now.

4

Transfer the exported database from an external storage to the R80.30 Log Server, to some directory.

Note - Make sure to transfer the file in the binary mode.

5

Make sure the transferred file is not corrupted.

Calculate the MD5 for the transferred file and compare it to the MD5 that you calculated on the original Log Server:

[Expert@LogServer:0]# md5sum /<Full Path>/<Name of Database File>.tgz

6

Go to the $FWDIR/bin/upgrade_tools/ directory:

[Expert@LogServer:0]# cd $FWDIR/bin/upgrade_tools/

7

Import the entire management database:

[Expert@LogServer:0]# yes | nohup ./migrate import [-l | -x] [-n] /<Full Path>/<Name of Exported File>.tgz &

Notes:

  • yes | nohup ... & - are mandatory parts of the syntax.
  • See the R80.30 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate.

8

Restart the Check Point services:

[Expert@LogServer:0]# cpstop

[Expert@LogServer:0]# cpstart

Step 5 of 8: Install the management database

Step

Description

1

Connect with SmartConsole to the R80.30 Management Server that manages this dedicated Log Server.

2

In the top left corner, click Menu > Install database.

3

Select all objects.

4

Click Install.

5

Click OK.

Step 6 of 8: Install the Event Policy

This step applies only if the SmartEvent Correlation Unit Software Blade is enabled on the dedicated R80.30 Log Server.

Step

Description

1

Connect with SmartConsole to the dedicated R80.30 SmartEvent Server.

2

At the top, click + to open a new tab.

3

In the bottom left corner, in the External Apps section, click SmartEvent Settings & Policy.

The Legacy SmartEvent client opens.

4

In the top left corner, click Menu > Actions > Install Event Policy.

5

Confirm.

6

Wait for these messages to appear:

SmartEvent Policy Installer installation complete

SmartEvent Policy Installer installation succeeded

7

Click Close.

8

Close the Legacy SmartEvent client.

Step 7 of 8: Test the functionality on R80.30 Log Server

Step

Description

1

Connect with SmartConsole to the R80.30 Log Server.

2

Make sure the configuration was upgraded correctly and it works as expected.

Step 8 of 8: Test the functionality on R80.30 Management Server

Step

Description

1

Connect with SmartConsole to the R80.30 Management Server.

2

Make sure the logging works as expected.