Rolling Back a Failed Upgrade of a Security Group to R81.20 - Minimum Downtime
This section describes the steps to roll back a failed upgrade of a Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. from R81.20 with Minimum Downtime.
This procedure supports only these downgrade paths for Security Groups:
-
from R81.20 to R81.10
-
from R81.20 to R81
-
from R81.20 to R80.30SP
-
from R81.20 to R80.20SP
Rolling Back If Only Some of the Security Group Members Were Upgraded
|
Important - Use this rollback procedure if you upgraded only some (not all) Security Group Members in the Security Group. |
Step |
Instructions |
|||||
---|---|---|---|---|---|---|
1 |
Connect to the command line on the Security Group. |
|||||
2 |
If your default shell is
|
|||||
3 |
Disable the SMO Image Cloning feature:
|
|||||
4 |
Go to the Expert mode:
|
|||||
5 |
Go to the context of one of the Security Group Members that were upgraded to R81.20:
Example:
|
|||||
6 |
Run the upgrade script with the "
|
|||||
7 |
On each Security Group Member that was upgraded to R81.20, restore the Gaia automatic snapshot:
|
|||||
8 |
Connect to the command line on the Security Group. |
|||||
9 |
If your default shell is
|
|||||
10 |
Run the upgrade script with the "
|
|||||
11 |
Make sure the downgrade was successful:
|
Rolling Back the Whole Security Group - Zero Downtime
Use this rollback procedure if you upgraded all Security Group Members in the Security Group and it is necessary to keep the current connections.
|
Important:
|
Step |
Instructions |
|||||
---|---|---|---|---|---|---|
1 |
Connect to the command line on the Security Group. |
|||||
2 |
Go to the context of one of the Security Group Members in the Logical Group "A":
Example:
|
|||||
3 |
If your default shell is
|
|||||
4 |
Run the upgrade script with the "
|
|||||
5 |
Restore the Gaia automatic snapshot on each Security Group Member in the Logical Group "A" that was upgraded to R81.20:
|
|||||
6 |
Connect to the command line on the Security Group. |
|||||
7 |
Go to the context of one of the Security Group Members in the Logical Group "A" that was downgraded from R81.20:
Example:
|
|||||
8 |
Run the upgrade script with the "
|
|||||
9 |
Restore the Gaia automatic snapshot on each Security Group Member in the Logical Group "B" that was upgraded to R81.20:
|
|||||
10 |
Connect to the command line on the Security Group. |
|||||
11 |
If your default shell is
|
|||||
12 |
Run the upgrade script with the "
|
|||||
13 |
Make sure the downgrade was successful:
|
Rolling Back the Whole Security Group - With Downtime
Use this rollback procedure if you upgraded all Security Group Members in the Security Group and it is not necessary to keep the current connections.
|
Important - Schedule a maintenance window because this procedure interrupts all traffic that passes through the Security Group. This rollback procedure save time because you revert all upgraded Security Group Members in a specific Security Group at the same time. If traffic must not be interrupted, then follow the procedure Rolling Back a Failed Upgrade of a Security Group to R81.20 - Zero Downtime. |
Step |
Instructions |
||
---|---|---|---|
1 |
Connect to the command line on the Security Group. |
||
2 |
If your default shell is
|
||
3 |
Go from the Expert mode to Gaia gClish.
|
||
4 |
Restore the Gaia automatic snapshot that was saved automatically before the upgrade.
Example:
|
||
5 |
Wait for the Security Group Members to complete the reboot. |
||
6 |
Connect to the command line on the Security Group. |
||
7 |
If your default shell is
|
||
8 |
Run the upgrade script with the "
|
||
9 |
Make sure the downgrade was successful:
|