Upgrading a Dedicated Endpoint Policy Server from R80.10 and lower with Advanced Upgrade

In an advanced upgrade scenario, you perform the upgrade procedure on the same dedicated Endpoint Policy Server.

Notes - To upgrade from R80.20 and higher, see Upgrading an Endpoint Security Management Server or Endpoint Policy Server from R80.20 and higher with Advanced Upgrade.

Important - Before you upgrade a dedicated Endpoint Policy Server: Step Instructions 1 Back up your current configuration (see Backing Up and Restoring). 2 See the Upgrade Options and Prerequisites. 3 Before you upgrade a dedicated Endpoint Policy Server, you must upgrade the applicable Endpoint Security Management Server that manages it. 4 You must close all GUI clients (SmartConsole applications) connected to the Endpoint Policy Server.

Procedure:

1. Get the R80.40 Management Server Migration Tool

   Step	Instructions
   1	Download the R80.40 Management Server Migration Tool from the R80.40 Home Page SK (see Management Server Migration Tool and Upgrade Tools).
   2	Transfer the R80.40 Management Server Migration Tool package to the current server to some directory (for example, /var/log/path_to_migration_tool/). Note - Make sure to transfer the file in the binary mode.

2. On the current dedicated Endpoint Policy Server, run the Pre-Upgrade Verifier and export the entire management database

   Step	Instructions
   1	Connect to the command line on the current dedicated Endpoint Policy Server.
   2	Log in to the Expert mode.
   3	Go to the directory, where you put the R80.40 Management Server Migration Tool package: cd /var/log/path_to_migration_tool/
   4	Extract the R80.40 Management Server Migration Tool package: tar zxvf <Name of Management Server Migration Tool Package>.tgz
   5	Important - This step applies only when you upgrade from R77.30 or lower. Run the Pre-Upgrade Verifier (PUV). Run this command and use the applicable syntax based on the instructions on the screen: ./pre_upgrade_verifier -h Read the Pre-Upgrade Verifier output. If it is necessary to fix errors: Follow the instructions in the report. In a Management High Availability environment, if you made changes, synchronize the Endpoint Security Management Servers immediately after these changes. Run the Pre-Upgrade Verifier again.
   6	Export the management database: yes | nohup ./migrate export [-l | -x] [-n] /<Full Path>/<Name of Exported File> & Notes: yes | nohup ... & are mandatory parts of the syntax. For details, see the R80.40 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate.
   7	Calculate the MD5 for the exported database files: md5sum /<Full Path>/<Name of Database File>.tgz
   8	Transfer the exported databases from the current server to an external storage: /<Full Path>/<Name of Database File>.tgz Note - Make sure to transfer the file in the binary mode.

3. Install the R80.40 Endpoint Policy Server

   See the R80.40 Release Notes for requirements.

   Do not perform initial configuration in SmartConsole.

   Current OS	Available options
   Gaia Operating System	Follow one of these procedures: Upgrading a Dedicated Endpoint Policy Server from R80.10 and lower Installing an Endpoint Policy Server
   Operating System other than Gaia	Follow this procedure: Installing an Endpoint Policy Server

   Important - The IP addresses of the source and target R80.40 servers must be the same. If it is necessary to have a different IP address on the R80.40 server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451.

4. On the R80.40 or Endpoint Policy Server, import the databases

   Important - Before you import the management database, we strongly recommend to install the latest General Availability Take of the R80.40 Jumbo Hotfix Accumulator. This makes sure the R80.40 server has the latest improvements for reported import issues.

   Step	Instructions
   1	Connect to the command line on the R80.40 Endpoint Policy Server.
   2	Log in to the Expert mode.
   3	Make sure a valid license is installed: cplic print If it is not already installed, then install a valid license now.
   4	Transfer the exported databases from an external storage to the R80.40 or Endpoint Policy Server, to some directory. Note - Make sure to transfer the files in the binary mode.
   5	Make sure the transferred files are not corrupted. Calculate the MD5 for the transferred files and compare them to the MD5 that you calculated on the original Endpoint Policy Server: md5sum /<Full Path>/<Name of Database File>.tgz
   6	Go to the $FWDIR/bin/upgrade_tools/ directory: cd $FWDIR/bin/upgrade_tools/
   7	Import the management database: yes | nohup ./migrate import [-l | -x] [-n] /<Full Path>/<Name of Exported File>.tgz & Notes: yes | nohup ... & are mandatory parts of the syntax. For details, see the R80.40 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate.
   8	Restart the Check Point services: cpstop cpstart

5. Update the version of the Endpoint Policy Server object

   Step	Instructions
   1	Connect with SmartConsole to the R80.40 Security Management Server that manages the Endpoint Policy Server.
   2	From the left navigation panel, click Gateways & Servers.
   3	Open the object of the Endpoint Policy Server.
   4	From the left tree, click General Properties.
   5	In the Platform section > in the Version field, select R80.40.
   6	Click OK.

6. Install the management database

   Step	Instructions
   1	Connect with SmartConsole to the R80.40 Endpoint Security Management Server that manages the dedicated Endpoint Policy Server.
   2	In the top left corner, click Menu > Install database.
   3	Select all objects.
   4	Click Install.
   5	Click OK.

7. Install the Event Policy on the dedicated Endpoint Policy Server

   Important - This step applies only if the SmartEvent Correlation Unit Software Blade is enabled on the dedicated R80.40 Endpoint Policy Server.

   Step	Instructions
   1	Connect with the SmartConsole to the R80.40 Endpoint Policy Server.
   2	In the SmartConsole, from the left navigation panel, click Logs & Monitor.
   3	At the top, click + to open a new tab.
   4	In the bottom left corner, in the External Apps section, click SmartEvent Settings & Policy. The Legacy SmartEvent client opens.
   5	In the top left corner, click Menu > Actions > Install Event Policy.
   6	Confirm.
   7	Wait for these messages to appear: SmartEvent Policy Installer installation complete SmartEvent Policy Installer installation succeeded
   8	Click Close.
   9	Close the Legacy SmartEvent client.

8. Reconfigure the Log Exporter

   Step	Instructions
   1	Connect to the command line on the server.
   2	Log in to the Expert mode.
   3	Restore the Log Exporter configuration as described in sk127653.
   4	Reconfigure the Log Exporter: cp_log_export reconf
   5	Restart the Log Exporter: cp_log_export restart

   For more information, see the R80.40 Logging and Monitoring Administration Guide > Chapter Log Exporter.

9. Test the functionality on the dedicated Endpoint Policy Server

   Step	Instructions
   1	Connect with SmartConsole to the dedicated R80.40 Endpoint Policy Server.
   2	Make sure the management database and configuration were upgraded correctly.

10. Test the functionality on the R80.40 Endpoint Security Management Server

    Step	Instructions
    1	Connect with SmartConsole to the R80.40 Endpoint Security Management Server that manages the dedicated Endpoint Policy Server.
    2	Make sure everything works as expected.