This article describes how to downgrade your single VSX Gateway from R77.20 / R77.30 to a previous version (from which you have upgraded).
To be able to downgrade your single VSX Gateway, you must have a complete backup of your Security Management Server / Multi-Domain Security Management Server with the desired VSX object configuration.
Example: If you want to perform downgrade your single VSX Gateway from R77.20 to R77, you need a backup of the Security Management Server / Multi-Domain Security Management Server where the your single VSX Gateway object is configured as R77.
Backup the involved machines at the same time:
Security Management Server / Multi-Domain Security Management Server
Single VSX Gateway
Note: Refer to "Related Documentation" section below - "How to Backup".
Restore the Security Management Server / Multi-Domain Security Management Server with the desired VSX object configuration (refer to "Related Documentation" section below - "How to Backup and Restore").
Perform clean installation of the previous version on the single VSX Gateway (refer to "Related Documentation" section below).
Run Gaia First Time Configuration Wizard on the single VSX Gateway (refer to sk71000 and sk69701). You must use the same Management IP address as was used by the previous single VSX Gateway (prior to the upgrade).
If any hotfixes were installed, then install them on the single VSX Gateway. For hotfix installation instructions, refer to the release notes that were provided with the hotfix, or contact Check Point Support.
Install the required licenses on the single VSX Gateway using cplic put command.
Start the reconfigure process for the single VSX Gateway:
Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).
Run the 'vsx_util reconfigure' command and follow on-screen instructions.
Important Note: If you have vital configuration in Gaia OS / FireWall / SecureXL / CoreXL / etc. (e.g., Dynamic Routing, DHCP Relay, $FWDIR/boot/modules/fwkern.conf, $PPKDIR/boot/modules/simkern.conf, $FWDIR/conf/fwaffinity.conf, or any other special configuration), then do NOT reboot after the reconfigure operation. First, reconfigure the required Gaia OS settings in Clish, add the required settings in the configuration files, and only then reboot the machine.
On the single VSX Gateway, verify that all Virtual Systems are up with the correct policy (this may take few minutes):
[Expert@HostName:0]# vsx stat -v
The following limitations apply during downgrade and restore process:
Loss of changes on Management Server: Any changes that were made in SmartDashboard after collecting the backup of Security Management Server / Multi-Domain Security Management Server will be lost (this refers to any object managed by this Management Server).
VSX Gateway downtime: Any existing connections will be terminated.
The following will not be restored on VSX Gateway during the rollback process:
Any OS configuration (e.g., DNS, NTP, DHCP, Dynamic Routing, DHCP Relay, etc.)
Backup files and snapshots saved on the VSX Gateway in the past.
Any user-defined settings in various configuration files.
Any Check Point configuration files.
Note: Some of these files do not exist by default. Some files are configured per VSX Gateway, and some files are configured per Virtual System.