Support Center > Search Results > SecureKnowledge Details
Rollback single VSX Gateway from R77.20 / R77.30 to previous version Technical Level
Solution

Refer to the main sk97552 (VSX Reconfigure and Upgrade Matrix to R77.10 / R77.20 / R77.30).

 

Table of Contents:

  • Introduction
  • Requirements
  • Procedure
  • Limitations
  • Related Documentation

 

Introduction

This article describes how to downgrade your single VSX Gateway from R77.20 / R77.30 to a previous version (from which you have upgraded).

 

Requirements

To be able to downgrade your single VSX Gateway, you must have a complete backup of your Security Management Server / Multi-Domain Security Management Server with the desired VSX object configuration.

Example: If you want to perform downgrade your single VSX Gateway from R77.20 to R77, you need a backup of the Security Management Server / Multi-Domain Security Management Server where the your single VSX Gateway object is configured as R77.

 

Procedure

  1. Backup the involved machines at the same time:

    • Security Management Server / Multi-Domain Security Management Server
    • Single VSX Gateway

    Note: Refer to "Related Documentation" section below - "How to Backup".

  2. Restore the Security Management Server / Multi-Domain Security Management Server with the desired VSX object configuration (refer to "Related Documentation" section below - "How to Backup and Restore").

  3. Perform clean installation of the previous version on the single VSX Gateway (refer to "Related Documentation" section below).

  4. Run Gaia First Time Configuration Wizard on the single VSX Gateway (refer to sk71000 and sk69701).
    You must use the same Management IP address as was used by the previous single VSX Gateway (prior to the upgrade).

  5. In case Bonding needs to be configured, then configure it now on the single VSX Gateway. Refer to the R77 Gaia Administration Guide.

  6. If any hotfixes were installed, then install them on the single VSX Gateway.
    For hotfix installation instructions, refer to the release notes that were provided with the hotfix, or contact Check Point Support.

  7. Install the required licenses on the single VSX Gateway using cplic put command.

  8. Start the reconfigure process for the single VSX Gateway:

    1. Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).

    2. Run the 'vsx_util reconfigure' command and follow on-screen instructions.

      Important Note: If you have vital configuration in Gaia OS / FireWall / SecureXL / CoreXL / etc. (e.g., Dynamic Routing, DHCP Relay, $FWDIR/boot/modules/fwkern.conf, $PPKDIR/boot/modules/simkern.conf, $FWDIR/conf/fwaffinity.conf, or any other special configuration), then do NOT reboot after the reconfigure operation. First, reconfigure the required Gaia OS settings in Clish, add the required settings in the configuration files, and only then reboot the machine.


  9. On the single VSX Gateway, verify that all Virtual Systems are up with the correct policy (this may take few minutes):

    [Expert@HostName:0]# vsx stat -v

 

Limitations

The following limitations apply during downgrade and restore process:

  • Loss of changes on Management Server: Any changes that were made in SmartDashboard after collecting the backup of Security Management Server / Multi-Domain Security Management Server will be lost (this refers to any object managed by this Management Server).

  • VSX Gateway downtime: Any existing connections will be terminated.

  • The following will not be restored on VSX Gateway during the rollback process:

    • Any OS configuration (e.g., DNS, NTP, DHCP, Dynamic Routing, DHCP Relay, etc.)

    • Backup files and snapshots saved on the VSX Gateway in the past.

    • Any user-defined settings in various configuration files.

    • Any Check Point configuration files.

      Note: Some of these files do not exist by default. Some files are configured per VSX Gateway, and some files are configured per Virtual System.

      List of most important files (many others exist):

      • $FWDIR/boot/modules/fwkern.conf
      • $FWDIR/boot/modules/vpnkern.conf
      • $PPKDIR/boot/modules/simkern.conf
      • $PPKDIR/boot/modules/sim_aff.conf
      • $FWDIR/conf/fwaffinity.conf
      • $FWDIR/conf/fwauthd.conf
      • $FWDIR/conf/local.arp
      • $FWDIR/conf/discntd.if
      • $FWDIR/conf/cpha_bond_ls_config.conf
      • $FWDIR/conf/resctrl
      • $FWDIR/conf/vsaffinity_exception.conf
      • $FWDIR/database/qos_policy.C
      • /var/ace/sdconf.rec
      • /var/ace/sdopts.rec

 

Show / Hide documentation

Documents:

 

Solutions:

 

How to Backup and Restore:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment