Upgrading a Security Management Server or Log Server from R80.20 and higher with CPUSE
In a CPUSE upgrade scenario, you perform the upgrade procedure on the same Check Point server.
|
Notes:
|
|
Important - Before you upgrade a Management Server or Log Server:
|
Procedure:
-
Get the required Upgrade Tools on the server
Important - See Management Server Migration Tool and Upgrade Tools to understand if your server can download and install the latest version of the Upgrade Tools automatically.
Step
Instructions
1
Download the R80.40 Upgrade Tools from the sk135172.
(See Management Server Migration Tool and Upgrade Tools.)
Note - This is a CPUSE Offline package.
2
Install the R80.40 Upgrade Tools with CPUSE.
See Installing Software Packages on Gaia and follow the applicable action plan for the Local - Offline installation.
3
Make sure the package is installed.
Run this command in the Expert mode:
cpprod_util CPPROD_GetValue CPupgrade-tools-R80.40 BuildNumber 1
The output must show the same build number you see in the name of the downloaded TGZ package.
ExampleName of the downloaded package:
ngm_upgrade_wrapper_993000222_1.tgz
[Expert@HostName:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R80.40 BuildNumber 1
993000222
[Expert@HostName:0]#
Note - The command "
migrate_server
" from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet.This is to make sure you always have the latest version of these Upgrade Tools installed.
If the connection to Check Point Cloud fails, this message appears:
Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
-
Upgrade the Security Management Server with CPUSE
See Installing Software Packages on Gaia and follow the applicable action plan.
-
Upgrade the dedicated Log Servers and dedicated SmartEvent Servers
This step is part of the upgrade procedure of a Security Management Server server. If you upgrade a dedicated Log Server or SmartEvent Server, then skip this step."
Important - If your Security Management Server manages dedicated Log Servers or SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Security Management Server.
Select the applicable upgrade option from these:
-
Update the object version of the dedicated Log Servers and SmartEvent Servers
Important - If your Security Management Server manages dedicated Log Servers or SmartEvent Servers, you must update the version of the corresponding objects in SmartConsole.
Step
Instructions
1
Connect with SmartConsole to the R80.40 Security Management Server that manages the dedicated Log Server or SmartEvent Server.
2
From the left navigation panel, click Gateways & Servers.
3
Open the object of the dedicated Log Server or SmartEvent Server.
4
From the left tree, click General Properties.
5
In the Platform section > in the Version field, select R80.40.
6
Click OK.
-
Install the management database
Step
Instructions
1
Connect with SmartConsole to the R80.40 Security Management Server.
2
In the top left corner, click . > Install database
3
Select all objects.
4
Click Install.
5
Click OK.
-
Install the Event Policy
Important - This step applies only if the SmartEvent Correlation Unit Software Blade is enabled on the R80.40 Security Management Server.
Step
Instructions
1
Connect with the SmartConsole to the R80.40 Security Management Server.
2
In the SmartConsole, from the left navigation panel, click Logs & Monitor.
3
At the top, click + to open a new tab.
4
In the bottom left corner, in the External Apps section, click SmartEvent Settings & Policy.
The Legacy SmartEvent client opens.
5
In the top left corner, click . > Actions > Install Event Policy
6
Confirm.
7
Wait for these messages to appear:
SmartEvent Policy Installer installation complete
SmartEvent Policy Installer installation succeeded
8
Click Close.
9
Close the Legacy SmartEvent client.
-
Reconfigure the Log Exporter
Step
Instructions
1
Connect to the command line on the server.
2
Log in to the Expert mode.
3
Restore the Log Exporter configuration as described in sk127653.
4
Reconfigure the Log Exporter:
cp_log_export reconf
5
Restart the Log Exporter:
cp_log_export restart
For more information, see the R80.40 Logging and Monitoring Administration Guide > Chapter Log Exporter.
-
In SmartConsole, install policy on all SmartLSM Security Profiles
Important - This step applies only if you enabled the SmartProvisioning Software Blade on this Management Server.
Step
Instructions
1
Install the Access Control Policy:
-
Click Install Policy.
-
In the Policy field, select the applicable Access Control Policy.
-
Select the applicable SmartLSM Security Profile objects.
-
Click Install.
-
The Access Control Policy must install successfully.
2
Install the Threat Prevention Policy:
-
Click Install Policy.
-
In the Policy field, select the applicable Threat Prevention Policy.
-
Select the applicable SmartLSM Security Profile objects.
-
Click Install.
-
The Threat Prevention Policy must install successfully.
For more information, see the R80.40 SmartProvisioning Administration Guide.
-
-
Test the functionality
Step
Instructions
1
Connect with SmartConsole to the R80.40 Security Management Server.
2
Make sure the management database and configuration were upgraded correctly.