CLI upgrade guide for R75.40 SPLAT to R75.40 Gaia

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services

why would you bother to upgrade just the O.S. and not the CP version? In this case, the goal was to get to Gaia to use VRRP instead of CPHA and we didn't feel like upgrading the SmartCenter which as R75.40.

using the CLI...

1. upload the Check_Point_R75.40_Gaia.iso file or insert media into the firewall

There are multiple ISO images from Check Point with the same name as above.

md5 for media used here... 

# md5sum Check_Point_R75.40_Gaia.iso
e5074b92c37a165ef940cb34c1725511

2. mount the media 

[Expert@chkpfw2]# mount /mnt/cdrom

or 

 [Expert@chkpfw2]# mount -o loop /var/tmp/Check_Point_R75.40_Gaia.iso /mnt/cdrom

3. verify backup status 

cphaprob stat

4. uninstall something...

The upgrade wrapper script will force us to chose a new product to install, so uninstall something simple. I chose Performance Pack. 

[Expert@chkpfw2]# rpm -e CPppak-R75.40-00

5. Start upgrade 

[Expert@chkpfw2]# patch add cd

6. Reboot

7. Install policy

8. Failover cpha. CPHA will still function since we haven't changed softare versions.

9. Test traffic flows.

10. repeat steps 1-7 on the other offline firewall.

11. setup vrrp on both firewalls. some downtime with result. 

http://www.cpwiki.net/index.php/gaia_vrrp_setup_using_CLI

12. Edit local.arp. Replace the old unicast MAC addresses used by CPHA with the VMAC address associated with the VRRP backup-addresses.

13. re-install policy

14. check proxy arps on both firewalls 

# fw ctl arp

15. validate traffic flows through the firewalls

Retrieved from "http://www.cpwiki.net/index.php?title=CLI_upgrade_guide_for_R75.40_SPLAT_to_R75.40_Gaia&oldid=455"