Difference between revisions of "CLI upgrade guide for R75.40 SPLAT to R75.40 Gaia"
From cpwiki.net
Line 25: | Line 25: | ||
7. Install policy | 7. Install policy | ||
− | 8. Failover cpha | + | 8. Failover cpha. CPHA will still function since we haven't changed softare versions. |
+ | 9. Test traffic flows. | ||
− | + | 10. repeat steps 1-7 on the other offline firewall. | |
+ | |||
+ | 11. setup vrrp on both firewalls. some downtime with result. | ||
+ | |||
+ | http://www.cpwiki.net/index.php/gaia_vrrp_setup_using_CLI | ||
+ | |||
+ | 12. Edit local.arp. Replace the old unicast MAC addresses used by CPHA with the VMAC address associated with the VRRP backup-addresses. | ||
+ | |||
+ | 13. re-install policy | ||
+ | |||
+ | 14. check proxy arps on both firewalls | ||
+ | |||
+ | # fw ctl arp |
Revision as of 21:57, 13 September 2013
using the CLI...
1. upload the Check_Point_R75.40_Gaia.iso file or insert media into the firewall
2. mount the media
[Expert@chkpfw2]# mount /mnt/cdrom
or
[Expert@chkpfw2]# mkdir /mnt/iso [Expert@chkpfw2]# mount -o loop /var/tmp/Check_Point_R75.40_Gaia.iso /mnt/iso
3. verify backup status
cphaprob stat
4. uninstall something...
The upgrade wrapper script will force us to chose a new product to install, so uninstall something simple. I chose Performance Pack. [Expert@chkpfw2]# rpm -e CPppak-R75.40-00
5. Start upgrade
[Expert@chkpfw2]# patch add cd
6. Reboot
7. Install policy
8. Failover cpha. CPHA will still function since we haven't changed softare versions.
9. Test traffic flows.
10. repeat steps 1-7 on the other offline firewall.
11. setup vrrp on both firewalls. some downtime with result.
http://www.cpwiki.net/index.php/gaia_vrrp_setup_using_CLI
12. Edit local.arp. Replace the old unicast MAC addresses used by CPHA with the VMAC address associated with the VRRP backup-addresses.
13. re-install policy
14. check proxy arps on both firewalls
# fw ctl arp