Difference between revisions of "CLI upgrade guide for R75.40 SPLAT to R75.40 Gaia"
| Line 5: | Line 5: | ||
There are multiple ISO images from Check Point with the same name as above. | There are multiple ISO images from Check Point with the same name as above. | ||
| − | md5 for media | + | md5 for media used here... |
# md5sum Check_Point_R75.40_Gaia.iso | # md5sum Check_Point_R75.40_Gaia.iso | ||
'''e5074b92c37a165ef940cb34c1725511''' | '''e5074b92c37a165ef940cb34c1725511''' | ||
Revision as of 15:20, 14 September 2013
using the CLI...
1. upload the Check_Point_R75.40_Gaia.iso file or insert media into the firewall
There are multiple ISO images from Check Point with the same name as above.
md5 for media used here...
# md5sum Check_Point_R75.40_Gaia.iso e5074b92c37a165ef940cb34c1725511
2. mount the media
[Expert@chkpfw2]# mount /mnt/cdrom
or
[Expert@chkpfw2]# mkdir /mnt/iso [Expert@chkpfw2]# mount -o loop /var/tmp/Check_Point_R75.40_Gaia.iso /mnt/iso
3. verify backup status
cphaprob stat
4. uninstall something...
The upgrade wrapper script will force us to chose a new product to install, so uninstall something simple. I chose Performance Pack. [Expert@chkpfw2]# rpm -e CPppak-R75.40-00
5. Start upgrade
[Expert@chkpfw2]# patch add cd
6. Reboot
7. Install policy
8. Failover cpha. CPHA will still function since we haven't changed softare versions.
9. Test traffic flows.
10. repeat steps 1-7 on the other offline firewall.
11. setup vrrp on both firewalls. some downtime with result.
http://www.cpwiki.net/index.php/gaia_vrrp_setup_using_CLI
12. Edit local.arp. Replace the old unicast MAC addresses used by CPHA with the VMAC address associated with the VRRP backup-addresses.
13. re-install policy
14. check proxy arps on both firewalls
# fw ctl arp
15. validate traffic flows through the firewalls
