Management Server Migration Tool and Upgrade Tools

Important:

  • You must always use the latest version of the R80.40 Upgrade Tools from sk135172 to:

    • Upgrade from R80.20.M1, R80.20, R80.20.M2, or R80.30 versions

    • Migrate a Domain Management Server between Multi-Domain Servers

    • Migrate a Domain Management Server from a Multi-Domain Server to a Security Management Server

    • Migrate a Security Management Server to a Domain on a Multi-Domain Server

    • Back up and restore a Domain on a Multi-Domain Server

    Notes:

    • If the Management Server / Log Serveris connected to the Internet and you enabled the "Allow Download" consent flag (see sk111080), then the server downloads and installs the latest version of the Upgrade Tools automatically.

      To enable the "Allow Download" consent flag:

      • In the Gaia First Time Configuration Wizard, you selected the option Automatically download Blade Contracts, new software, and other important data.

      • In SmartConsole, you selected the option Automatically download Contracts and other important data in Menu > Global properties > Security Management.

    • If the Management Server / Log Server is not connected to the Internet, then you must install the latest version of the Upgrade Tools manually.

  • To upgrade from R80.10 and lower, you must always use the Management Server Migration Tool of the version, to which you upgrade.

    Download the applicable Management Server Migration Tool package from the R80.40 Home Page

These Upgrade Tools:

  • Make sure it is possible to upgrade the current management database without issues.

  • Generate an upgrade report with the list of detected issues that can fail the upgrade.

The upgrade report shows these messages:

Message Category

Instructions

Action items before the upgrade

Errors you must repair before the upgrade.

Warnings of issues for you to decide whether to fix before upgrade.

An example of an error you must fix before the upgrade is an invalid policy name.

Action items after the upgrade

Errors and warnings that you must fix after the upgrade.

Information messages

Items to be aware of.

For example, an object type is not supported in the higher version, but is in your database and it is converted during the upgrade.

The most important files in the Management Server Migration Tool and Upgrade Tools packages:

Package

Instructions

migrate

migrate_server

Exports and imports the management database and applicable Check Point configuration.

For details, see the R80.40 CLI Reference Guide - Chapter Security Management Server Commands:

  • Section migrate.

  • Section migrate_server.

migrate.conf

Contains configuration settings for Advanced Upgrade / Database Migration.

ips_upgrade_tool

Runs the IPS database upgrade.

pre_upgrade_verifier

Analyzes compatibility of the currently installed configuration with the version, to which you upgrade.

It gives a report on the actions to take before and after the upgrade.

Note - This tool is required only when you upgrade from R77.30 (and lower) version.

puv_report_generator

Runs at the end of pre_upgrade_verifier and converts the text report file to an HTML file.

Note - This tool is required only when you upgrade from R77.30 (and lower) version.

Using the Pre-Upgrade Verifier

>

Best Practice - Always run the Pre-Upgrade Verifier (PUV) on the source server before the upgrade.

The Pre-Upgrade Verifier:

  • Analyzes compatibility of the currently installed configuration with the version, to which you upgrade. It gives a report on the actions to take before and after the upgrade.

  • Can only analyze a management database that is intended for upgrade to a different major version (for example, from R80.20 to R80.40).

  • Runs automatically during the upgrade process. You can also run it manually.

Run this command and use the applicable syntax based on the instructions on the screen:

Version

Server

Commands

R80.20

and higher

Security Management Server

$FWDIR/scripts/migrate_server -h

 

Multi-Domain Server,

Multi-Domain Log Server

$MDS_FWDIR/scripts/migrate_server verify -h

R80.10

and lower

Security Management Server

cd /<Path to Extracted Migration Tool>/

./pre_upgrade_verifier -h

 

Multi-Domain Server,

Multi-Domain Log Server

mount -o loop /var/log/path_to_iso/<R80.40_Gaia>.iso /mnt/cdrom

cd /mnt/cdrom/linux/p1_install/

./mds_setup

Select this option:

(1) Run Pre-upgrade verification only