1

Back up your current configuration.

2

See the Upgrade Options and Prerequisites.

3

In R80 and above, examine the SmartConsole sessions:

1. Connect with the SmartConsole to each Domain Management Server.
2. From the left navigation panel, click Manage & Settings > Sessions > View Sessions.
3. You must publish or discard all sessions, for which the Changes column shows a number greater than zero.

   Right-click on such session and select Publish or Discard.

4

In Multi-Domain Server R80 or R80.10 with enabled vSEC Controller:

1. Connect with SmartConsole to the Global Domain.
2. Delete all global Data Centers objects.
3. Assign the modified Global Policies.

5

You must close all GUI clients (SmartConsole applications) connected to the source Multi-Domain Server.

1

Download the R80.30 Clean Install ISO file from the R80.30 Home Page SK.

2

Transfer the R80.30 ISO file to the current Multi-Domain Server to some directory (for example, /var/log/path_to_iso/).

Note - Make sure to transfer the file in the binary mode.

1

Connect to the command line on the current Multi-Domain Server.

2

Log in with the superuser credentials.

3

Log in to the Expert mode.

4

Stop all Check Point services:

[Expert@MDS:0]# mdsstop

5

Go to the main MDS context:

[Expert@MDS:0]# mdsenv

6

Mount the R80.30 ISO file:

[Expert@MDS:0]# mount -o loop /var/log/path_to_iso/<R80.30_Gaia>.iso /mnt/cdrom

7

Go to the installation folder in the ISO:

[Expert@MDS:0]# cd /mnt/cdrom/linux/p1_install/

8

Run the installation script:

[Expert@MDS:0]# ./mds_setup

This menu shows:

(1) Run Pre-upgrade verification only [recommended before upgrade]
(2) Backup current Multi-Domain Server
(3) Export current Multi-Domain Server
Or 'Q' to quit.

9

Enter 1 to run the Pre-upgrade verification.

Note - The Pre-Upgrade Verifier analyzes compatibility of the currently installed configuration with the version, to which you upgrade. A detailed report shows the steps to do before and after the upgrade.

10

Read the Pre-Upgrade Verifier output.

If you need to fix errors:

1. Start all Check Point services:

   [Expert@MDS:0]# mdsstart

2. Follow the instructions in the report.
3. Connect with SmartConsole to the Global Domain that is currently in the Active state.
4. Reassign the Global Policy on all Domains.
5. In a Management High Availability environment R77.30 and lower, if you made changes, synchronize the Domain Management Servers immediately after these changes (in R80 and above, this synchronization occurs automatically).
6. Stop all Check Point services again:

   [Expert@MDS:0]# mdsstop

7. Run the installation script again:

   [Expert@MDS:0]# ./mds_setup

   This menu shows:

   (1) Run Pre-upgrade verification only [recommended before upgrade]
(2) Backup current Multi-Domain Server
(3) Export current Multi-Domain Server
Or 'Q' to quit.

11

Enter 3 to export the current Multi-Domain Server configuration.

12

Answer the interactive questions:

Would you like to proceed with the export now [yes/no] ? yes

Please enter target directory for your Multi-Domain Server export (or 'Q' to quit): /var/log

Do you plan to import to a version newer than R80.30 [yes/no] ? no

Using migrate_tools from disk.

Do you wish to export the log database [yes/no] ? yes (or no)

Note - If you enter no in the question "Do you wish to export the log database", the configuration is still exported.

13

Make sure the export file is created in the specified directory:

[Expert@MDS:0]# ls -l /var/log/exported_mds.<DDMMYYYY-HHMMSS>.tgz

14

Calculate the MD5 for the exported file:

[Expert@MDS:0]# md5sum /var/log/exported_mds.<DDMMYYYY-HHMMSS>.tgz

15

Transfer the exported database from the current Multi-Domain Server to an external storage:

/var/log/exported_mds.<DDMMYYYY-HHMMSS>.tgz

Note - Make sure to transfer the file in the binary mode.

1

Connect to the command line on the R80.30 Multi-Domain Server.

2

Log in with the superuser credentials.

3

Log in to the Expert mode.

4

Make sure a valid license is installed:

mdsenv

cplic print

If it is not already installed, then install a valid license now.

5

Transfer the exported database from an external storage to the R80.30 Multi-Domain Server, to some directory.

Note - Make sure to transfer the file in the binary mode.

6

Make sure the transferred file is not corrupted.

Calculate the MD5 for the transferred file and compare it to the MD5 that you calculated on the original Multi-Domain Server:

[Expert@MDS:0]# md5sum /<Full Path>/exported_mds.<DDMMYYYY-HHMMSS>.tgz

7

Import the configuration:

[Expert@MDS:0]# yes | nohup $MDSDIR/scripts/mds_import.sh /<Full Path>/exported_mds.<DDMMYYYY-HHMMSS>.tgz &

Note: yes | nohup ... & - are mandatory parts of the syntax.

8

Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "down" (the "pnd" state is acceptable):

[Expert@MDS:0]# mdsstat

If some of the required daemons on a Domain Management Server are in the state "down", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands:

[Expert@MDS:0]# mdsstop_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstart_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstat

1

Connect with SmartConsole to each Domain Management Server.

2

In the top left corner, click Menu > Install database.

3

Select all objects.

4

Click Install.

5

Click OK.

1

Connect to the command line on the R80.30 Multi-Domain Server.

2

Log in with the superuser credentials.

3

Log in to the Expert mode.

4

Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "down" (the "pnd" state is acceptable):

[Expert@MDS:0]# mdsstat

If some of the required daemons on a Domain Management Server are in the state "down", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands:

[Expert@MDS:0]# mdsstop_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstart_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstat

5

Go to the main MDS context:

[Expert@MDS:0]# mdsenv

6

Upgrade the attributes of all managed objects in all Domain Management Servers at once:

[Expert@MDS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL

Notes:

• Because the command prompts you for a 'yes/no' for each Domain and each object in the Domain, you can explicitly provide the 'yes' answer to all questions with this command:

  [Expert@MDS:0]# yes | $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL

• You can perform this action on one Multi-Domain Server at a time with this command:

  [Expert@MDS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL -n <Name of Multi-Domain Server>

7

Allow the database synchronization to run:

[Expert@MDS:0]# $CPDIR/bin/cpprod_util CPPROD_SetValue "FW1/6.0" AfterUpgradeDbsyncIndication 1 1 0

Restart the Check Point services:

[Expert@MDS:0]# mdsstop

[Expert@MDS:0]# mdsstart

For more information, see sk121718.

8

Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "down" (the "pnd" state is acceptable):

[Expert@MDS:0]# mdsstat

If some of the required daemons on a Domain Management Server are in the state "down", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands:

[Expert@MDS:0]# mdsstop_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstart_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstat

1

Connect with SmartConsole to the R80.30 Multi-Domain Server.

2

Make sure the management database and configuration were upgraded correctly.