Offline Migration/Upgrade of Management server from R77.30 Gaia to R80.10 Gaia

By Vishnu Reddy in Check Point
144 Views
0 Comments

Activity Checklist:

I. Current setup info(Prior migration).

  • Setup(Standalone/Distributed/Cluster) : Distributed
  • CP OS: Gaia
  • CP Version: R77.30
  • Hardware model: Open Server
  • Mgmt Host name: ManagementServer
  • Firewall Host name: LabFirewall
  • Mgmt server IP add: 1.2.3.10
  • Firewall IP address: 1.2.3.20

II. Proposed setup info(After migration) :

  • Setup(Standalone/Distributed/Cluster) : Distributed
  • CP OS: Gaia
  • CP Version: R80.10
  • Hardware model: Open Server
  • Mgmt Host name: ManagementServer
  • Firewall Host name: LabFirewall
  • Mgmt server IP add: 1.2.3.10
  • Firewall IP address: 1.2.3.20

III. Change freeze time 

IV. Recommended taking needful backups(migrate export, backup & snapshot). Refer SK54100 & SK91400 for the procedure.

V. Backup of fwopsec.conf file from the $FWDIR/conf path. (If any OPSEC LEA is configured)

Activity flow :

1. Generate a fresh backup (migrate export) from the live server,  please refer SK54100 for the detailed procedure.

  • Make a note of the MD5 value of the generated file.
  • Take it out of the Management server.
  • Reference policies

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/203e08e3-1022-48a5-9bf6-11db7ff2c589/1A.PNG

Generating migrate export for lab replication :

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/84f87e70-ccdb-4601-9492-f9f243e271d3/2.png

2. Create a replica of your Management server.

  • Host-name should be same.
  • IP address should be same.
  • CP version should be same.
  • CP OS should be same.

3. Import the backup file which you generated in point-1 on the lab replica Management server, please refer SK54100 for the detailed procedure.

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/92ed4f0f-f0f9-4eae-a154-00f498fc006e/5.png

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/44ecc789-0812-4023-9ee1-a60e98199519/7.png

4. Login to R77.30 Gaia Smart Dashboard and cross check the configuration.

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/ef1912f1-7878-471e-8bf0-ff7124455b8a/9.png

5. Download the R80.10 Gaia migration tools from the below link :

(R80.10 Management Server Migration Tools for Gaia Pre R80″) :

Download R80 Gaia Migration Tools

6. Copy this migration tools to the R77.30 Gaia lab replication Management server under $FWDIR/bin/upgrade_tools

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/99007dba-8972-4acc-9a02-5b26b318f3b2/10%20-%20Copy.png

7. Extract the copied migration tools of R80.10

#tar -zxvf filename

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/a75b8197-b41b-4c87-a96d-12eb36a283b7/12.png

=====================================================

NOTE : Run Pre-upgrade verifier to check the conflicts. For procedure, refer sk110267.

=====================================================

8. Generate a backup (migrate export), please refer SK54100 for the detailed procedure.

  • Make a note of the MD5 value of the generated file.
  • Take it out of the Management server.

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/4e391e0a-5ccb-4d45-bf36-d94c45dd10ba/15.png

9. Download the R80.10 Gaia New installation/fresh installation image from the below link :

Download R80 Gaia New Installation Image

10. Do a fresh installation of R80.10 Gaia Management server in your lab setup.

  • Host-name should be same.
  • IP address should be same.

11. Import the backup(migrate import) which you have generated in point-8, please refer SK54100 for the detailed procedure & reboot the Management server to load the configuration.

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/a29cefa9-db7b-4aa5-a059-cf7bb703937e/16.png

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/3c2fbce2-d029-4ac1-b1e6-c99edf025950/19.png

12. Download the R80.10 GUI console from the below link :

Download R80.10 GUI Console

13. Login to Smart dashboard and cross check the configuration.

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/08-04/e270c32e-640a-43d5-ac5a-00e92e5a04e5/20.png

====================================

Once the lab migration is successful :

====================================

NOTE : Pay attention to the R80.10 Gaia pre-requisites.

  • Compatible devices/models

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/8fc36cd1-9d2d-4af5-bcf9-8d2ca7d4ebe5/17.PNG

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/1fd25be6-249f-41dd-8ab4-d48191b9e7ba/18.PNG

  • Open server configuration requirements

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/810773de-1286-49b8-915c-31a658c06856/19.PNG

  • Disk space requirements

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/57bc2920-03bd-4058-a500-61ab37bc7ed0/20.PNG

  • Browser compatibility

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/fc0b3ca6-70fa-4fb4-a1f0-a3f8766b3e1b/21.PNG

  • Smart Console compatibility

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/97e63d5c-4330-43d8-abb2-b23590d05cab/22.PNG

  • Mgmt to Firewall/cluster members compatibility

https://hf-files-oregon.s3.amazonaws.com/hdpqos_kb_attachments/2017/07-18/71049f05-8567-46ec-affb-a4e4f25c1462/23.PNG

========================================

14. Load the R80.10 Gaia fresh installation image with a Isomorphic USB, you can refer the below link for the detailed procedure for the Isomorphic tool :

View the Procedure

15. Using this Isomorphic USB do a fresh installation of R80.10 Gaia.

  • Hostname should be same.
  • IP address should be same.

16. Import the backup which you have generated in point-8, please refer SK54100 for the detailed procedure.

17. Download the R80.10 GUI console from the below link :

Download R80.10 GUI Console

18. Login to Smart dashboard and cross check the configuration.

NOTES :

  • We highly recommend you to install the latest jumbo hotfix take.
  • There can be a change in the installation images, migration tools and smart console. It is recommended to install the latest ones.

**************

Roll Back Plan

**************

Leave a Reply

Your email address will not be published. Required fields are marked *

Take a sneak-peek into our minds.

Read our musings on what’s changing and impacting the world in the field of cyber security and analytics.

Subscribe our Newsletter and recieve updates directly to your inbox

We don't spam!

Big News 🙂 - FWHealth (Firewall Health Reporting Tool) is now 100% Free, Forever.Know More
+