Difference between revisions of "CLI upgrade guide for R75.40 SPLAT to R75.40 Gaia"
(Created page with "using the WebUI... 1. Download upgrade file Check_Point_Upgrade_for_R75.40.Splat_to_Gaia.tgz from check point website md5sum 3cfe6ba51cf3cc19bacecaad2bad555e 2. Connect a ...") |
|||
| (12 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | why would you bother to upgrade just the O.S. and not the CP version? In this case, the goal was to get to Gaia to use VRRP instead of CPHA and we didn't feel like upgrading the SmartCenter which as R75.40. | |
| − | + | using the CLI... | |
| − | + | 1. upload the Check_Point_R75.40_Gaia.iso file or insert media into the firewall | |
| − | + | There are multiple ISO images from Check Point with the same name as above. | |
| − | + | md5 for media used here... | |
| + | # md5sum Check_Point_R75.40_Gaia.iso | ||
| + | '''e5074b92c37a165ef940cb34c1725511''' | ||
| + | |||
| + | 2. mount the media | ||
| + | |||
| + | [Expert@chkpfw2]# '''mount /mnt/cdrom''' | ||
| + | |||
| + | or | ||
| + | [Expert@chkpfw2]# '''mount -o loop /var/tmp/Check_Point_R75.40_Gaia.iso /mnt/cdrom''' | ||
| + | |||
| + | 3. verify backup status | ||
| + | cphaprob stat | ||
| + | |||
| + | 4. uninstall something... | ||
| + | |||
| + | The upgrade wrapper script will force us to chose a new product to install, so uninstall something simple. I chose Performance Pack. | ||
| + | |||
| + | [Expert@chkpfw2]# '''rpm -e CPppak-R75.40-00''' | ||
| + | |||
| + | 5. Start upgrade | ||
| + | [Expert@chkpfw2]# '''patch add cd''' | ||
| + | |||
| + | 6. Reboot | ||
| + | |||
| + | 7. Install policy | ||
| + | |||
| + | 8. Failover cpha. CPHA will still function since we haven't changed softare versions. | ||
| + | |||
| + | 9. Test traffic flows. | ||
| + | |||
| + | 10. repeat steps 1-7 on the other offline firewall. | ||
| + | |||
| + | 11. setup vrrp on both firewalls. some downtime with result. | ||
| + | |||
| + | http://www.cpwiki.net/index.php/gaia_vrrp_setup_using_CLI | ||
| + | |||
| + | 12. Edit local.arp. Replace the old unicast MAC addresses used by CPHA with the VMAC address associated with the VRRP backup-addresses. | ||
| + | |||
| + | 13. re-install policy | ||
| + | |||
| + | 14. check proxy arps on both firewalls | ||
| + | |||
| + | # fw ctl arp | ||
| + | |||
| + | 15. validate traffic flows through the firewalls | ||
Latest revision as of 18:31, 12 May 2014
why would you bother to upgrade just the O.S. and not the CP version? In this case, the goal was to get to Gaia to use VRRP instead of CPHA and we didn't feel like upgrading the SmartCenter which as R75.40.
using the CLI...
1. upload the Check_Point_R75.40_Gaia.iso file or insert media into the firewall
There are multiple ISO images from Check Point with the same name as above.
md5 for media used here...
# md5sum Check_Point_R75.40_Gaia.iso e5074b92c37a165ef940cb34c1725511
2. mount the media
[Expert@chkpfw2]# mount /mnt/cdrom
or
[Expert@chkpfw2]# mount -o loop /var/tmp/Check_Point_R75.40_Gaia.iso /mnt/cdrom
3. verify backup status
cphaprob stat
4. uninstall something...
The upgrade wrapper script will force us to chose a new product to install, so uninstall something simple. I chose Performance Pack.
[Expert@chkpfw2]# rpm -e CPppak-R75.40-00
5. Start upgrade
[Expert@chkpfw2]# patch add cd
6. Reboot
7. Install policy
8. Failover cpha. CPHA will still function since we haven't changed softare versions.
9. Test traffic flows.
10. repeat steps 1-7 on the other offline firewall.
11. setup vrrp on both firewalls. some downtime with result.
http://www.cpwiki.net/index.php/gaia_vrrp_setup_using_CLI
12. Edit local.arp. Replace the old unicast MAC addresses used by CPHA with the VMAC address associated with the VRRP backup-addresses.
13. re-install policy
14. check proxy arps on both firewalls
# fw ctl arp
15. validate traffic flows through the firewalls
