Supported Upgrade Paths

Installation Methods

CPUSE Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself. is the recommended installation and upgrade method supported for this release. To learn more about CPUSE, see sk92449.

R80.40 Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. and Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. supports Linux 3.10 kernel and the xfs file system providing support for improved system capabilities and performance, such as an enlarged system storage, improved I/O operations, better debugging tools and more.

When you perform a Clean Install, or Advanced Upgrade to R80.40 from versions prior to R80.20, it uses the xfs file system.

After an in-place upgrade (using CPUSE), the file system remains ext3 except for Smart-1 525, 5050, 5150 appliances, which use the xfs file system.

Use the below methods to upgrade your Check Point environment to R80.40.

Upgrade Paths

Upgrade to R80.40 is available only from these versions:

From Version	Security Gateways and VSX	Management Servers and Multi-Domain Servers	Standalone
R80.20 kernel 2.6, R80.20 kernel 3.10, R80.30 kernel 2.6, R80.30 kernel 3.10
R80.20.M1, R80.20.M2	Not applicable		Not applicable
R80.10
R80	Not applicable
EP6.0, EP6.1, EP6.2, R77.30.01, R77.30.02, R77.30.03, R77.30 EP6.5	Not applicable	(does not apply to Multi-Domain Servers)
R77, R77.10, R77.20, R77.30
R76
R75.x	Requires a 2-step upgrade path: 1) R75.x  R77.30^(*) 2) R77.30  R80.40	Requires a 2-step upgrade path: 1) R75.x  R77.30^(*) 2) R77.30  R80.40	Requires a 2-step upgrade path: 1) R75.x  R77.30^(*) 2) R77.30  R80.40

^(*) See the R77 versions Installation and Upgrade Guide for Gaia Platforms.

Upgrade Methods

Use these methods to upgrade your Check Point environment to R80.40:

Check Point Product	Gaia Fast Deployment Clean Install ⁽¹⁾	Gaia Fast Deployment Upgrade ⁽¹⁾	Central Deployment in SmartConsole ⁽²⁾	CPUSE Clean Install ⁽³⁾	CPUSE Upgrade ⁽⁴⁾	Advanced Upgrade ⁽⁵⁾	Upgrade with Migration ⁽⁶⁾	Upgrade with CDT ⁽⁷⁾
Security Gateways
VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Gateways
Security Group Members - Maestro
Security Group Members - Scalable Chassis
ClusterXL Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. Members in the High Availability A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA. modes
ClusterXL Members in the Load Sharing A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS. modes
VSX Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members
VRRP Cluster Members
Primary Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
Secondary Security Management Server
Primary Multi-Domain Security Management Server
Secondary Multi-Domain Security Management Server
Primary Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
Secondary Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs.
Primary CloudGuard Controller Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security.
Secondary CloudGuard Controller
Primary Endpoint Security Management Server
Secondary Endpoint Security Management Server
Dedicated Log Server
Dedicated SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database.
Full High Availability A special Cluster Mode supported only on Check Point appliances running Gaia OS (R75.40 and higher) or SecurePlatform OS (R77.30 and lower), where each Cluster Member also runs as a Security Management Server. This provides redundancy both between Security Gateways (only High Availability is supported) and between Security Management Servers (only High Availability is supported). Synonyms: Full HA Cluster Mode, Full HA, FullHA. Cluster Members
Standalone Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. Server

Notes:

Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Fast Deployment:

Performs a multi-step upgrade or clean install with one image.

This image already contains a specific base version, a designated role (for example, a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.), and Hotfixes / Jumbo Hotfix Accumulator Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA..

You can see and install this image with CPUSE in Gaia Portal Web interface for the Check Point Gaia operating system. or Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

For more information, see sk120193.
Central Deployment in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.:
- You perform a remote installation of an upgrade package from SmartConsole.
- You install the package from the local repository on the Management Server or from Check Point Cloud.
- You can install the package on several targets at the same time.
- For instructions, see the R80.40 Security Management Administration Guide.
CPUSE Clean Install:
- You perform a local installation of the higher version from scratch in Gaia Portal or Gaia Clish.
- You install the package from the local repository in Gaia OS or from Check Point Cloud.
- Requires these steps to preserve the configuration and database:
  1. Export the data before the installation.
  2. Import the data after the installation.
- For instructions, see the R80.40 Installation and Upgrade Guide.
CPUSE Upgrade (In-place Upgrade):
- You perform a local installation of an upgrade package in Gaia Portal or Gaia Clish.
- You install the package from the local repository in Gaia OS or from Check Point Cloud.
- Keeps the current configuration and database.
- For instructions, see the R80.40 Installation and Upgrade Guide.
Advanced Upgrade:
- Intended for Management Servers only.
- You perform a local installation of an upgrade package in Gaia Portal or Gaia Clish.
- You install the package from the local repository in Gaia OS or from Check Point Cloud.
- Requires these steps:
  1. Export of the current management database from the server.
  2. Upgrade of the server with CPUSE (In-place Upgrade or Clean Install).
  3. Import of the exported management database.
- For instructions, see the R80.40 Installation and Upgrade Guide.
Upgrade with Migration:
- Intended for Management Servers only.
- Requires these steps:
  1. Export of the current management database from the server.
  2. Installation of a different server with a higher version (Clean Install).
  3. Import of the exported management database.
- For instructions, see the R80.40 Installation and Upgrade Guide.
Upgrade with CDT (Central Deployment Tool):
- Intended for Security Gateways and Cluster Members only.
- You perform a remote installation of an upgrade package from the Management Server.
- You install the package from the local repository on the Management Server.
- You can install the package on several targets at the same time.
- For more information, see sk111158.

The minimum required unpartitioned disk space is the highest value of one of these:

Size of the current root partition.
The used space in the current root partition plus 3 GB.
If the used space is more than 90% of the root partition, then 110% of the size of the current root partition.

Important:

At least 20 GB of free disk space is required in the root partition for an Upgrade to succeed.
At least 10 GB of free disk space is required in the /var/log partition for a Clean Install or Upgrade to succeed.