Upgrading one Multi-Domain Server from R80.20 and higher with CPUSE
In a CPUSE Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself. upgrade scenario, you perform the upgrade procedure on the same Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS..
|
Notes:
|
|
Important - Before you upgrade a Multi-Domain Server:
|
Procedure:
-
Get the required Upgrade Tools on the server
Important - See Upgrade Tools to understand if your server can download and install the latest version of the Upgrade Tools automatically.
Step
Instructions
1
Download the R81 Upgrade Tools from the sk135172.
(See Upgrade Tools.)
Note - This is a CPUSE Offline package.
2
Install the R81 Upgrade Tools with CPUSE.
See Installing Software Packages on Gaia and follow the applicable action plan for the Local - Offline installation.
3
Make sure the package is installed.
Run this command in the Expert mode:
cpprod_util CPPROD_GetValue CPupgrade-tools-R81 BuildNumber 1
The output must show the same build number you see in the name of the downloaded TGZ package.
ExampleName of the downloaded package:
ngm_upgrade_wrapper_993000222_1.tgz
[Expert@HostName:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R81 BuildNumber 1
993000222
[Expert@HostName:0]#
Note - The command "
migrate_server
" from these Upgrade Tools always tries to connect to Check Point Cloud over the Internet.This is to make sure you always have the latest version of these Upgrade Tools installed.
If the connection to Check Point Cloud fails, this message appears:
Timeout. Failed to retrieve Upgrade Tools package. To download the package manually, refer to sk135172.
-
Upgrade the Multi-Domain Server with CPUSE
See Installing Software Packages on Gaia and follow the applicable action plan.
-
Upgrade the Multi-Domain Log Servers, dedicated Log Servers, and dedicated SmartEvent Servers
Important - If your Multi-Domain Server manages Multi-Domain Log Servers, dedicated Log Servers, or dedicated SmartEvent Servers, you must upgrade these dedicated servers to the same version as the Multi-Domain Server.
Select the applicable upgrade option:
-
Reconfigure the Log Exporter
Step
Instructions
1
Connect to the command line on the server.
2
Log in to the Expert mode.
3
Restore the Log Exporter configuration as described in sk127653.
4
Reconfigure the Log Exporter:
cp_log_export reconf
5
Restart the Log Exporter:
cp_log_export restart
For more information, see the R81 Logging and Monitoring Administration Guide > Chapter Log Exporter.
-
In SmartConsole of each applicable Domain Management Server, install policy on all SmartLSM Security Profiles
Important - This step applies to each Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that manages SmartLSM Security Profiles.
Step
Instructions
1
Install the Access Control Policy:
-
Click Install Policy.
-
In the Policy field, select the applicable Access Control Policy.
-
Select the applicable SmartLSM Security Profile objects.
-
Click Install.
-
The Access Control Policy must install successfully.
2
Install the Threat Prevention Policy:
-
Click Install Policy.
-
In the Policy field, select the applicable Threat Prevention Policy.
-
Select the applicable SmartLSM Security Profile objects.
-
Click Install.
-
The Threat Prevention Policy must install successfully.
For more information, see the R81 SmartProvisioning Administration Guide.
-
-
Test the functionality on the R81 Multi-Domain Server
Step
Instructions
1
Connect with SmartConsole to the R81 Multi-Domain Server.
2
Make sure the management database and configuration were upgraded correctly.