Supported Upgrade Paths

Installation Methods

Upgrade Paths

Note - For more information about Security Management Servers and supported managed Security Gateways see sk113113.

Upgrade to R81.10 is available only from these versions:

Current Version

Security Gateways

and

VSX (1)

Management Servers

and

Multi-Domain Servers

Standalone

R81

R80.40,

R80.30 kernel 3.10,

R80.30 kernel 2.6,

R80.20 kernel 3.10,

R80.20 kernel 2.6

For Scalable Platforms:

R81,

R80.30SP,

R80.20SP

(2)

Not applicable

Not applicable

R80.20.M2,

R80.20.M1

Not applicable

Not applicable

R80.10

Requires a 2-step upgrade path:

1) R80.10 à R80.40(3)

2) R80.40 à R81.10

Requires a 2-step upgrade path:

1) R80.10 à R80.40(3)

2) R80.40 à R81.10

R80

Not applicable

Requires a 2-step upgrade path:

1) R80 à R80.40(3)

2) R80.40 à R81.10

Not applicable

R77.30

Requires a 2-step upgrade path:

1) R77.30 à R80.40(3)

2) R80.40 à R81.10

Requires a 2-step upgrade path:

1) R77.30 à R80.40(3)

2) R80.40 à R81.10

Notes:

  1. Starting in R81.10, VSLS is the only supported mode for new installations.

    Upgrade of a VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. in the High AvailabilityClosed A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA. mode from earlier versions to R81.10 is supported.

    The VSX Cluster is automatically converted to VSLS.

  2. Upgrade from these versions to R81.10 is supported only with the required Takes of Jumbo HotfixClosed Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior. Accumulators. See sk173363.

    In Maestro environment, it is possible to upgrade Security GroupsClosed A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. and Quantum Maestro OrchestratorsClosed A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO. (if you decide to upgrade, you must upgrade both).

  3. To upgrade to R80.40, see the R80.40 Installation and Upgrade Guide.

  4. To upgrade a Security Gateway or a Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that implements Carrier Security, see sk169415.

Upgrade Methods

Use these methods to upgrade your Check Point environment to R81.10:

Check Point Products

Supported Upgrade Methods for These Products                             

  • Security Gateway

  • VSX

  • Central Deployment of Hotfixes in SmartConsole

  • CPUSE Upgrade

  • CPUSE Clean Install

  • CPUSE Upgrade

  • CPUSE Clean Install

  • Advanced Upgrade

  • Upgrade with Migration

The minimum required unpartitioned disk space is the highest value of one of these:

  • Size of the current root partition.

  • The used space in the current root partition plus 3 GB.

  • If the used space is more than 90% of the root partition, then 110% of the size of the current root partition.

Important:

  • At least 20 GB of free disk space is required in the root partition for an Upgrade to succeed.

  • At least 10 GB of free disk space is required in the /var/log partition for a Clean Install or Upgrade to succeed.

Build Numbers

Software Component

Build Number

Verifying Build Number

GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.

OS Build 335

OS kernel version 3.10.0-957.21.3cpx86_64

OS edition 64-bit

Run this command in Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).:

show version all

Security Gateway

R81.10 - Build 883

Run this command in the Expert mode:

fw ver

Security Management Server

R81.10 - Build 220

Run this command in the Expert mode:

fwm ver

Multi-Domain Server

R81.10 - Build 195

Run this command in the Expert mode:

fwm mds ver

SmartConsole

81.10.9600.358

Click Menu > About Check Point SmartConsole