Management Server Migration Tool and Upgrade Tools

Important:

These Upgrade Tools:

  • Make sure it is possible to upgrade the current management database without issues.

  • Generate an upgrade report with the list of detected issues that can fail the upgrade.

The upgrade report shows these messages:

Message Category

Instructions

Action items before the upgrade

Errors you must repair before the upgrade.

Warnings of issues for you to decide whether to fix before upgrade.

An example of an error you must fix before the upgrade is an invalid policy name.

Action items after the upgrade

Errors and warnings that you must fix after the upgrade.

Information messages

Items to be aware of.

For example, an object type is not supported in the higher version, but is in your database and it is converted during the upgrade.

The most important files in the Management Server Migration Tool and Upgrade Tools packages:

Package

Instructions

migrate

migrate_server

Exports and imports the management database and applicable Check Point configuration.

For details, see the R80.40 CLI Reference Guide - Chapter Security Management Server Commands:

  • Section migrate.

  • Section migrate_server.

migrate.conf

Contains configuration settings for Advanced Upgrade / Database MigrationClosed Process of: (1) Installing the latest Security Management Server or Multi-Domain Server version from the distribution media on a separate computer from the existing Security Management Server or Multi-Domain Server (2) Exporting the management database from the existing Security Management Server or Multi-Domain Server (3) Importing the management database to the new Security Management Server or Multi-Domain Server This upgrade method minimizes upgrade risks for an existing deployment..

ips_upgrade_tool

Runs the IPSClosed Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). database upgrade.

pre_upgrade_verifier

Analyzes compatibility of the currently installed configuration with the version, to which you upgrade.

It gives a report on the actions to take before and after the upgrade.

Note - This tool is required only when you upgrade from R77.30 (and lower) version.

puv_report_generator

Runs at the end of pre_upgrade_verifier and converts the text report file to an HTML file.

Note - This tool is required only when you upgrade from R77.30 (and lower) version.

Using the Pre-Upgrade Verifier

>

Best Practice - Always run the Pre-Upgrade Verifier (PUV) on the source server before the upgrade.

The Pre-Upgrade Verifier:

  • Analyzes compatibility of the currently installed configuration with the version, to which you upgrade. It gives a report on the actions to take before and after the upgrade.

  • Can only analyze a management database that is intended for upgrade to a different major version (for example, from R80.20 to R80.40).

  • Runs automatically during the upgrade process. You can also run it manually.

Run this command and use the applicable syntax based on the instructions on the screen:

Version

Server

Commands

R80.20

and higher

Security Management Server

$FWDIR/scripts/migrate_server -h

 

Multi-Domain Server,

Multi-Domain Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.

$MDS_FWDIR/scripts/migrate_server verify -h

R80.10

and lower

Security Management Server

cd /<Path to Extracted Migration Tool>/

./pre_upgrade_verifier -h

 

Multi-Domain Server,

Multi-Domain Log Server

mount -o loop /var/log/path_to_iso/<R80.40_Gaia>.iso /mnt/cdrom

cd /mnt/cdrom/linux/p1_install/

./mds_setup

Select this option:

(1) Run Pre-upgrade verification only