Friday, July 27, 2012

Check Point Upgrade Process Via WebUI: Step By Step From R65 To R75.30

Here was the process I and another engineer took to do an upgrade from R65 (came on the box) to R75.30.  One really good thing I noticed in this procedure below is that when we went from R65 directly to R75 via the webUI, we did not have to edit the boot file when we went to R75.20.  I talk about editing that boot file in this link if you would like to see that. That was the only difference than in the past that we did.  I suspect that Check Point fixed something in their upgrade package that fixed that issue.  Anyway, see below for the step by step procedure we took.

rack unit.
power on.
webUI into on management port.
initialize check point (ip addresses, cluster membership, routes, etc) through webUI.
upgrade direct from r65 to r75 successfully via webUI.  It took about 8 minutes to do.
added static routes in webUI.
broke cluster in check point software on management station.
establish sic in CLI on new firewall.
establish sic in check point software on management station.
detach license in smart update on the new firewall.
reattach license for new firewall. (NOTE: license is the wrong mac address at this point)
upgrade from r75 to r75.10
upgrade from r75.10 to r75.20 (option for safe upgrade is greyed out when going to r75.20).
did NOT have to edit boot file (bug).
upgrade from r75.20 to r75.30 in webUI (option for safe upgrade was available when going to r75.30).
NOTE*** at some point, correct the license.  you may have to do this through the licensing team at CP.
create policy, etc.
push policy.