Upgrading a Multi-Domain Log Server from R80.20 and higher with CPUSE
In a CPUSE Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself. For details, see sk92449. upgrade scenario, you perform the upgrade procedure on the same Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS..
|
Notes:
|
|
Important - Before you upgrade a Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs.:
|
Procedure:
-
Get the required Upgrade Tools on the server
Important - See Upgrade Tools to understand if your server can download and install the latest version of the Upgrade Tools automatically.
Step
Instructions
1
Download the R81.20 Upgrade Tools from the sk135172..
Note - This is a CPUSE Offline package.
2
Install the R81.20 Upgrade Tools with CPUSE.
See Installing Software Packages on Gaia and follow the applicable action plan for the Local - Offline installation.
3
Make sure the package is installed.
Run this command in the Expert mode:
cpprod_util CPPROD_GetValue CPupgrade-tools-R81.20 BuildNumber 1
The output must show the same build number you see in the name of the downloaded TGZ package.
ExampleName of the downloaded package:
ngm_upgrade_wrapper_993000222_1.tgz
[Expert@HostName:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R81.20 BuildNumber 1
993000222
[Expert@HostName:0]#
Note - The command "
migrate_server
" from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet.This is to make sure you always have the latest version of these Upgrade Tools installed.
If the connection to Check Point Cloud fails, this message appears:
Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
-
Create the required JSON configuration file on the Multi-Domain Log Server
Important:
-
If none of the servers in the same Multi-Domain Security Management environment changed their original IP addresses, then you do not need to create the special JSON configuration file.
Skip this step.
-
Even if only one of the servers migrates to a new IP address, all the other servers (including all Multi-Domain Log Servers, Log Servers, and SmartEvent Servers) must get this configuration file.
You must use the same JSON configuration file on all servers (including the Secondary Multi-Domain Servers, Multi-Domain Log Servers, Log Servers and SmartEvent Servers) in the same Multi-Domain Security Management environment.
To create the required JSON configuration file:
Step
Instructions
1
Connect to the command line on the Multi-Domain Log Server Server.
2
Log in to the Expert mode.
3
Create the
/var/log/mdss.json
file that contains each server that migrates to a new IP address.Format for migrating a Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. / Log Server / SmartEvent Server to a new IP address:
[{"name":"<Name of Server #1 Object in SmartConsole>","newIpAddress4":"<New IPv4 Address of R81.20 Server #1>"},
{"name":"<Name of Server #2 Object in SmartConsole>","newIpAddress4":"<New IPv4 Address of R81.20 Server #2>"}]
ExampleThere are 2 servers in the R80.30 Multi-Domain Security Management environment - the Multi-Domain Server and the Multi-Domain Log Server. The Multi-Domain Server migrates to a new IP address. The Multi-Domain Log Server remains with the original IP address.
-
The current IPv4 address of the source R80.30 Multi-Domain Server is:
192.168.10.21
-
The name of the source R80.30 Multi-Domain Server object in SmartConsole is:
MyMultiDomainServer
-
The new IPv4 address of the target R81.20 Multi-Domain Server is:
172.30.40.51
-
The required syntax for the JSON configuration file you must use on the Multi-Domain Server and on the Multi-Domain Log Server:
[{"name":"MyMultiDomainServer","newIpAddress4":"172.30.40.51"}]
Important - All servers in this environment must get the same configuration file.
-
-
Upgrade the Multi-Domain Log Server with CPUSE
See Installing Software Packages on Gaia and follow the applicable action plan.
-
Update the version of the Multi-Domain Log Server object
Step
Instructions
1
Connect with SmartConsole to the R81.20 Multi-Domain Server that manages the Multi-Domain Log Server.
2
From the left navigation panel, click Multi-Domain > Domains.
3
From the top toolbar, open the Multi-Domain Log Server object.
4
From the left tree, click General.
5
In the Platform section > in the Version field, select R81.20.
6
Click OK.
-
Test the functionality on the R81.20 Multi-Domain Log Server
Step
Instructions
1
Connect with SmartConsole to the R81.20 Multi-Domain Log Server.
2
Make sure the management database and configuration were upgraded correctly.
-
Test the functionality on the R81.20 Multi-Domain Server
Step
Instructions
1
Connect with SmartConsole to the R81.20 Multi-Domain Server that manages the Multi-Domain Log Server.
2
Make sure the logging works as expected.