Thursday, May 29, 2014

Check Point Upgrade Plan Of Action: A Written Plan...

This was our 'written plan' for the night we did this upgrade.  We (one of my customers and I) thought it good to write the plan out and just have it by our side, should we need to refer to it.  Good idea.

1. Reboot FW1 and push policy to overcome memory leak problem.
2. On both FW1 and FW2, change the CCP method of communication to "broadcast" with the "cphaconf set_ccp broadcast" command.
3. FW2 should be active. (because of the check point settings to keep the active member active, not set by priority)
4. Upgrade FW1.
5. Reboot FW1.
6. On FW1, do "fw ver" (SPLAT)
7. Check SIC on FW1. (restablish if necessary, documentation does not state that it is necessary).
8. In Dashboard, change FWCluster version to R77.10.
9. Push policy and make sure you uncheck "if fail ..."
10. After policy push, "cphado prob stat" to make sure upgrade was successful.
11. Check to make sure Internet, etc is still up.
12. On FW2, do a 'cpstop' (theoretically, this is when traffic should fail over to FW1). ***JUST FYI, WE DID NOT DO THIS STEP***
13. Check FW1 by doing a "cphaprob stat" and look in Tracker to verify traffic is going to FW1.
14. Upgrade FW2.
15. Reboot FW2.
16. On FW2, do "fw ver" (SPLAT)
17. Check SIC on FW2. (restablish if necessary, documentation does not state that it is necessary).
18. Push policy.
19. Test all traffic.
20. On both FW1 and FW2, change the CCP method of communication to "multicast" with the "cphaconf set_ccp multicast" command.

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.