Home
Check Point

A Step-by-Step Guide to Migrating Check Point Management Server from R80.20 to R81.10

Introduction:

In our effort to keep our network security up to date, we're moving our management server from R80.20 to R81.10. To make sure everything goes smoothly, we'll carefully follow steps on both the current R80.20 server and the new R81.10 server.

R80.20 Management Server:

Download and Install Latest Deployment Agent for R80.20:

  • To obtain the latest Deployment Agent, we'll refer to sk92449 for download instructions.

Import and Install Upgrade Tools for R81.10:

  • Download the appropriate Check Point Upgrade Tools Package from sk135172.
  • Use the following command to confirm the Build Number matches the downloaded upgrade TGZ package:
cpprod_util CPPROD_GetValue CPupgrade-tools-R81.10 BuildNumber 1
  • Verify if migration is possible by running the following command:
$FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.10

Start Database Export:

  • Initiate the database export process using the following commands: 
$FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -v R81.10 /var/log/R8020_to_R8110.tgz
  • After export completion, ensure the integrity of the exported file by checking its md5 value:
md5sum /var/log/R8020_to_R8110.tgz

Copy the exported file  into your PC using WinSCP before proceeding to shut down R80.20.

R81.10 Management Server: 

Copy and Verify Exported File:

  • Transfer the R80.20 exported file to the new R81.10 Management Server and verify its md5 value:
md5sum /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz

Always ensure to copy the file to the /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/ directory.

Run Import Command:

  • Navigate to the $FWDIR/scripts/ directory and execute the import command:
./migrate_server import -v R81.10 -skip_upgrade_tools_check /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz
  • Install Management Database and Policy:

Once the import is successful, proceed to install the management database and policy.

Web SmartConsole Installation: 

Download and Install Web SmartConsole Package:

  • Obtain the Web SmartConsole package as per sk170314.

Move the package to the Management Server and install it using the appropriate command (commands may vary based on Bundle no.).

/opt/AutoUpdater/latest/bin/autoupdatercli install /var/tmp/Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T59_AutoUpdate.tar

Check Installation Status:

  • Monitor the installation progress using the command:
tail -f /opt/CPInstLog/AutoUpdateLogs/web_console

Access Web SmartConsole:

To utilize Web SmartConsole, access it via a web browser using the Management Server's IP address. Example: https://192.168.71.10/smartconsole.

Conclusion:

In this comprehensive guide, we've covered every aspect of migrating our Check Point Management Server from R80.20 to R81.10. By meticulously following these steps, we ensure a seamless transition, leveraging the latest security features and enhancements offered by R81.10. If you have any questions or need further assistance, feel free to reach out. Happy migrating!

This is the example of Migate export and import

[Expert@MGMT:0]# fw ver
This is Check Point's software version R80.20 - Build 255
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R81.10 BuildNumber 1
996000412
[Expert@MGMT:0]# $FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.10
The verify operation finished successfully.

Notes:
 1. It is recommended to use the latest upgrade tools package. The latest package is installed automatically on online environments, for upgrade of offline environments refer to sk135172.
 2. Only latest revision will be upgraded. It is recommended to publish important changes before upgrade. Unpublished changes will be lost.
 3. Run the upgrade verification on all servers in your environment before you upgrade.
[Expert@MGMT:0]#
[Expert@MGMT:0]# $FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -v R81.10 /var/log/R8020_to_R8110.tgz
The export operation will eventually stop all Check Point services (cpstop; cpwd_admin kill). Do you want to continue (yes/no) [n]? yes
Exporting the Management Database
Operation started at Wed Aug 17 22:59:15 IST 2022

[==================================================] 100% Done
Detailed upgrade report is available at /opt/CPsuite-R80.20/fw1/log/upgrade_report-2022.08.17_23.19.15.html

The export operation completed successfully. Do you wish to start Check Point services (yes/no) [y]? yes
Starting Check Point services ...
The export operation finished successfully.
Exported data to: /var/log/R8020_to_R8110.tgz.
[Expert@MGMT:0]#
[Expert@MGMT:0]# md5sum /var/log/R8020_to_R8110.tgz
55acceab326cebfb5b6af2bece24e9cb  /var/log/R8020_to_R8110.tgz
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpwd_admin list
APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPVIEWD    112538 E     1       [23:20:26] 17/8/2022   N    cpviewd
HISTORYD   112541 E     1       [23:20:26] 17/8/2022   N    cpview_historyd
CPD        112558 E     1       [23:20:26] 17/8/2022   Y    cpd
FWD        112636 E     1       [23:20:28] 17/8/2022   N    fwd -n
FWM        112640 E     1       [23:20:28] 17/8/2022   N    fwm
STPR       112663 E     1       [23:20:28] 17/8/2022   N    status_proxy
CPM        112978 E     1       [23:20:30] 17/8/2022   N    /opt/CPsuite-R80.20/fw1/scripts/cpm.sh -s
SOLR       113072 E     1       [23:20:31] 17/8/2022   N    java_solr /opt/CPrt-R80.20/conf/jetty.xml
RFL        113120 E     1       [23:20:31] 17/8/2022   N    LogCore
SMARTVIEW  113168 E     1       [23:20:31] 17/8/2022   N    SmartView
INDEXER    113236 E     1       [23:20:31] 17/8/2022   N    /opt/CPrt-R80.20/log_indexer/log_indexer
SMARTLOG_SERVER 113297 E     1       [23:20:32] 17/8/2022   N    /opt/CPSmartLog-R80.20/smartlog_server
DASERVICE  113787 E     1       [23:20:36] 17/8/2022   N    DAService_script
[Expert@MGMT:0]# fw ver
This is Check Point's software version R80.20 - Build 255
[Expert@MGMT:0]#
[Expert@MGMT:0]# fw ver
This is Check Point's software version R81.10 - Build 883
[Expert@MGMT:0]#
[Expert@MGMT:0]# md5sum /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz
55acceab326cebfb5b6af2bece24e9cb  /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz
[Expert@MGMT:0]#
[Expert@MGMT:0]# cd $FWDIR/scripts/
[Expert@MGMT:0]#
[Expert@MGMT:0]# ./migrate_server import -v R81.10 -skip_upgrade_tools_check /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz
Importing the Management Database
Operation started at Thu Aug 18 00:29:10 IST 2022

[==================================================] 100% Done
Detailed upgrade report is available at /opt/CPsuite-R81.10/fw1/log/upgrade_report-2022.08.18_01.17.08.html

The import operation finished successfully.
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpwd_adin list
-bash: cpwd_adin: command not found
[Expert@MGMT:0]# cpwd_admin list
APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPVIEWD    18414  E     1       [00:48:49] 18/8/2022   N    cpviewd
CPVIEWS    18423  E     1       [00:48:49] 18/8/2022   N    cpview_services
CPD        18441  E     1       [00:48:49] 18/8/2022   Y    cpd
CPM        18933  E     1       [00:48:51] 18/8/2022   N    /opt/CPsuite-R81.10/fw1/scripts/cpm.sh -s
CPSM       96443  E     5       [01:17:25] 18/8/2022   N    cpstat_monitor
FWD        88843  E     1       [01:14:55] 18/8/2022   N    fwd -n
FWM        88847  E     1       [01:14:55] 18/8/2022   N    fwm
FWMHA      88855  E     1       [01:14:55] 18/8/2022   N    fwmha -H
STPR       88888  E     1       [01:14:55] 18/8/2022   N    status_proxy
SOLR       89469  E     1       [01:14:59] 18/8/2022   N    java_solr
RFL        89525  E     1       [01:15:00] 18/8/2022   N    LogCore
SMARTVIEW  89579  E     1       [01:15:00] 18/8/2022   N    SmartView
INDEXER    89688  E     1       [01:15:01] 18/8/2022   N    /opt/CPrt-R81.10/log_indexer/log_indexer
SMARTLOG_SERVER 89763  E     1       [01:15:01] 18/8/2022   N    /opt/CPSmartLog-R81.10/smartlog_server
REPMAN     90497  E     1       [01:15:06] 18/8/2022   N    java_repository_manager
DASERVICE  90520  E     1       [01:15:06] 18/8/2022   N    DAService_script
AUTOUPDATER 90542  E     1       [01:15:07] 18/8/2022   N    AutoUpdaterService.sh
[Expert@MGMT:0]#
[Expert@MGMT:0]#
[Expert@MGMT:0]# fw ver
This is Check Point's software version R81.10 - Build 883
[Expert@MGMT:0]#
[Expert@MGMT:0]# fw ver
This is Check Point's software version R81.10 - Build 883
[Expert@MGMT:0]#
[Expert@MGMT:0]# /opt/AutoUpdater/latest/bin/autoupdatercli install /var/tmp/Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T59_AutoUpdate.tar

        Install request of component web_console version 59 handled. To see installation status, see logs: /opt/AutoUpdater/AutoUpdater.log and /opt/CPInstLog/AutoUpdateLogs/web_console

[Expert@MGMT:0]#
[Expert@MGMT:0]# tail -f /opt/CPInstLog/AutoUpdateLogs/web_console
Thu Aug 18 00:18:41 IST 2022
container is up and running
Web SmartConsole CheckHealth finished successfully

*N* %08-18  00:18:53% :  Installation succeeded for component web_console
*N* %08-18  00:19:26% :  ----------------------------------------------------------------------


[Expert@MGMT:0]#
#Check Point

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.