Prerequisites for Upgrading and Migrating of Security Gateways and Clusters

Prerequisites:

• Make sure you use the latest version of this document (see the Important Information page for links).

• See the R81.10 Release Notes for:

  • Supported upgrade paths

  • Minimum hardware and operating system requirements

  • Supported Security Gateways

• Make sure to read all applicable known limitations in the R81.10 Known Limitations SK.

• Before starting an upgrade of your Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. and Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members, you must upgrade the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

• On your Security Gateways and Cluster Members:

  Make a copy of all custom configurations in the applicable directories and files.

  The upgrade process replaces all existing files with default files. You must not copy the customized configuration files from the current version to the upgraded version, because these files can be unique for each version. You must make all the custom configurations again after the upgrade.

  List of the most important directories

  Note - On VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. and VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster Member Security Gateway that is part of a cluster., some of these directories exist in the context of each Virtual Device.

  This list is sorted alphabetically.

  • $CVPNDIR/conf/

  • $FWDIR/boot/modules/

  • $FWDIR/conf/

  • $FWDIR/database/

  • $FWDIR/lib/

  • $PPKDIR/boot/modules/

  • /var/ace/

  List of the most important files

  Note - Some of these files do not exist by default. Some files are configured on each VSX Gateway and VSX Cluster Member, and some files are configured in the context of each Virtual System.

  This list is sorted alphabetically.

  • $CVPNDIR/conf/cvpnd.C

  • $FWDIR/boot/modules/fwkern.conf

  • $FWDIR/conf/cpha_bond_ls_config.conf

  • $FWDIR/conf/cpha_specific_vlan_data.conf (see sk92784)

  • $FWDIR/conf/discntd.if

  • $FWDIR/conf/fw_fast_accel_export_configuration.conf (see sk156672)

  • $FWDIR/conf/fwaffinity.conf

  • $FWDIR/conf/fwauthd.conf

  • $FWDIR/conf/hsm_configuration.C

  • $FWDIR/conf/identity_broker.C

  • $FWDIR/conf/ipassignment.conf

  • $FWDIR/conf/local.arp (see sk30197)

  • $FWDIR/conf/malware_config

  • $FWDIR/conf/prioq.conf (see sk105762)

  • $FWDIR/conf/rad_conf.C

  • $FWDIR/conf/synatk.conf

  • $FWDIR/conf/te.conf

  • $FWDIR/conf/thresholds.conf

  • $FWDIR/conf/trac_client_1.ttm

  • $FWDIR/conf/vsaffinity_exception.conf

  • $PPKDIR/conf/simkern.conf

  • /var/ace/sdconf.rec

  • /var/ace/sdopts.rec

  • /var/ace/sdstatus.12

  • /var/ace/securid

• Licenses and Service Contracts:

  • Make sure you have valid licenses installed on all applicable Check Point computers - source and target.

  • Make sure you have a valid Service Contract that includes software upgrades and major releases registered to your Check Point User Center account (see Contract Verification).

    The contract file is stored on the Management Server and downloaded to Check Point Security Gateways during the upgrade process.

    For more information about Service Contracts, see sk33089.