Print Download PDF Send Feedback

Previous

Next

Upgrading Multi-Domain Servers in High Availability from R80.20, R80.10, and lower with CPUSE

In a CPUSE upgrade scenario, you perform the upgrade procedure on the same Multi-Domain Servers.

Notes:

Important - Before you upgrade:

Step

Description

1

Back up your current configuration.

2

See the Upgrade Options and Prerequisites.

3

In R80 and above, examine the SmartConsole sessions:

  1. Connect with the SmartConsole to each Domain Management Server.
  2. From the left navigation panel, click Manage & Settings > Sessions > View Sessions.
  3. You must publish or discard all sessions, for which the Changes column shows a number greater than zero.

    Right-click on such session and select Publish or Discard.

 

4

In Multi-Domain Server R80 or R80.10 with enabled vSEC Controller:

  1. Connect with SmartConsole to the Global Domain.
  2. Delete all global Data Centers objects.
  3. Assign the modified Global Policies.

 

5

You must close all GUI clients (SmartConsole applications) connected to the source Multi-Domain Servers.

Workflow:

  1. If the Primary Multi-Domain Server is not available, promote the Secondary Multi-Domain Server to be the Primary
  2. Upgrade the Primary Multi-Domain Server with CPUSE
  3. Install the R80.30 SmartConsole
  4. On the Primary Multi-Domain Server, install the management database
  5. Upgrade the Secondary Multi-Domain Server with CPUSE
  6. On the Secondary Multi-Domain Server, install the management database
  7. Upgrade the Multi-Domain Log Server, dedicated Log Servers, and dedicated SmartEvent Servers
  8. On every Multi-Domain Server with Active Domain Management Servers, upgrade the attributes of all managed objects in all Domain Management Servers
  9. Test the functionality

Step 1 of 9: If the Primary Multi-Domain Server is not available, promote the Secondary Multi-Domain Server to be the Primary

For instructions, see the R80.30 Multi-Domain Security Management Administration Guide - Chapter Working with High Availability - Section Failure Recovery - Subsection Promoting the Secondary Multi-Domain Server to Primary.

Step 2 of 9: Upgrade the Primary Multi-Domain Server with CPUSE

See Installing Software Packages on Gaia and follow the applicable action plan for the local installation.

Step 3 of 9: Install the R80.30 SmartConsole

See Installing SmartConsole.

Step 4 of 9: On the Primary Multi-Domain Server, install the management database

Step

Description

1

Connect with SmartConsole to each Domain Management Server.

2

In the top left corner, click Menu > Install database.

3

Select all objects.

4

Click Install.

5

Click OK.

Step 5 of 9: Upgrade the Secondary Multi-Domain Server with CPUSE

See Installing Software Packages on Gaia and follow the applicable action plan for the local installation.

Step 6 of 9: On the Secondary Multi-Domain Server, install the management database

Step

Description

1

Connect with SmartConsole to each Domain Management Server.

2

In the top left corner, click Menu > Install database.

3

Select all objects.

4

Click Install.

5

Click OK.

Step 7 of 9: Upgrade the Multi-Domain Log Server, dedicated Log Servers, and dedicated SmartEvent Servers

If your Multi-Domain Servers manage Multi-Domain Log Servers, dedicated Log Servers, or dedicated SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Multi-Domain Servers:

Step 8 of 9: On every Multi-Domain Server with Active Domain Management Servers, upgrade the attributes of all managed objects in all Domain Management Servers

To determine which Multi-Domain Servers run Active Domain Management Servers:

  1. Connect with SmartConsole to an Multi-Domain Server to the MDS context.
  2. From the left navigation panel, click Multi Domain > Domains.

The table shows Domains and Multi-Domain Servers:

Procedure:

Step

Description

1

Connect to the command line every Multi-Domain Server that has at least one Active Domain Management Server.

2

Log in with the superuser credentials.

3

Log in to the Expert mode.

4

Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "down" (the "pnd" state is acceptable):

[Expert@MDS:0]# mdsstat

If some of the required daemons on a Domain Management Server are in the state "down", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands:

[Expert@MDS:0]# mdsstop_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstart_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstat

5

Go to the main MDS context:

[Expert@MDS:0]# mdsenv

6

Upgrade the attributes of all managed objects in all Domain Management Servers at once:

[Expert@MDS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL

Notes:

  • Because the command prompts you for a 'yes/no' for each Domain and each object in the Domain, you can explicitly provide the 'yes' answer to all questions with this command:

    [Expert@MDS:0]# yes | $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL

  • You can perform this action on one Multi-Domain Server at a time with this command:

    [Expert@MDS:0]# $MDSDIR/scripts/mds_fix_cmas_clms_version -c ALL -n <Name of Multi-Domain Server>

7

Allow the database synchronization to run:

[Expert@MDS:0]# $CPDIR/bin/cpprod_util CPPROD_SetValue "FW1/6.0" AfterUpgradeDbsyncIndication 1 1 0

Restart the Check Point services:

[Expert@MDS:0]# mdsstop

[Expert@MDS:0]# mdsstart

For more information, see sk121718.

8

Make sure that on all Domain Management Servers, none of the required daemons (FWM, FWD, CPD, and CPCA) are in the state "down" (the "pnd" state is acceptable):

[Expert@MDS:0]# mdsstat

If some of the required daemons on a Domain Management Server are in the state "down", wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands:

[Expert@MDS:0]# mdsstop_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstart_customer <IP Address or Name of Domain Management Server>

[Expert@MDS:0]# mdsstat

Step 9 of 9: Test the functionality

Step

Description

1

Connect with SmartConsole to the Primary R80.30 Multi-Domain Server.

2

Make sure the management database and configuration were upgraded correctly.

3

Test the Management High Availability functionality.