Multi-Version Cluster Upgrade Procedure - Gateway Mode

Note - The procedure below is for ClusterXL and VRRP ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.. For VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster, see Multi-Version Cluster Upgrade Procedure - VSX Mode.

Important - Before you upgrade a Cluster:

Step

Instructions

1

Back up your current configuration (see Backing Up and Restoring).

2

See Upgrade Options and Prerequisites.

3

Upgrade the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and Log Servers.

4

See Planning a Cluster Upgrade.

5

Schedule a full maintenance window to make sure you can make all the custom configurations again after the upgrade.

Note - MVC supports Cluster Members with different GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. kernel editions (R81.10 64-bit and R77.30 / R80.10 32-bit).

The procedure described below is based on an example cluster with three Cluster Members M1, M2 and M3.

However, you can use it for clusters that consist of two or more.

Action plan:

  1. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., change the cluster object version to R81.10.

  2. On the Cluster MemberClosed Security Gateway that is part of a cluster. M3:

    1. Upgrade to R81.10

      Note - If you perform a Clean InstallClosed Installation of a Check Point Operating System from scratch on a computer. of R81.10, then you must establish SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. in SmartConsole with this Cluster Member and install Access Control Policy on it

    2. Enable the MVC

  3. In SmartConsole, install the Access Control Policy on the Cluster Member M3.

  4. On the next Cluster Member M2:

    1. Upgrade to R81.10

      Note - If you perform a Clean Install of R81.10, then you must establish SIC in SmartConsole with this Cluster Member and install Access Control Policy on it

    2. Enable the MVC

  5. In SmartConsole, install the Access Control Policy on the Cluster Member M3 and M2.

  6. On the remaining Cluster Member M1:

    • Upgrade to R81.10

      Note - If you perform a Clean Install of R81.10, then you must establish SIC in SmartConsole with this Cluster Member

  7. In SmartConsole, install the Access Control Policy and the Threat Prevention Policy on the Cluster object.

Procedure: