Support Center > Search Results > SecureKnowledge Details
R80.x Upgrade Verification and Environment Simulation service
Solution

The Upgrade Verification and Environment Simulation service was created to help make your transition to R80.x as seamless as possible. This online service is hosted out of Check Point's secured Data Center. By running a simple command on a pre-R80 Security Management or Multi-Domain server, you can directly send to Check Point the configuration files from the current platform. R80.x Environment Simulation service will simulate your environment, verify the upgrade across the main features, and ensure that the database is not corrupted. You will be then notified of the status of the upgrade simulation, with advice on the best way to proceed.

Support

  • This automation supports upgrade simulation only for the following Management Servers:

    • Single Security Management Server in distributed installation (i.e., StandAlone installation is not supported).
      (output of "cpprod_util FwIsStandAlone" command should return "0").
    • Primary Security Management Server in High Availability mode (i.e., Secondary Security Management Server is not supported).
      (output of "cpprod_util FwIsPrimary" command should return "1").

  • The Upgrade simulation service tests upgrade of pre-R80 versions to R80.10.
    Upgrades from R80 to R80.10 are not simulated.

  • Dedicated SmartEvent is not supported (refer to sk115056)

 

Table of Contents:

  • Instructions for Gaia OS and Windows OS
    • Online mode
    • Offline mode
  • Instructions for IPSO OS


For Gaia OS and Windows OS

CPinfo new flags extract only the minimum relevant data required for the simulation service.

Online Mode

  1. Connect to command line on Security Management Server.

    Note: StandAlone installation, Secondary Security Management and SmartEvent blade are not supported.

  2. Log in to Expert mode.

  3. Download the latest CPinfo package:

    For Gaia OS: cpinfo -an
    For Windows OS: cpinfo -a -n

    The following message will be displayed:

    "Would you like to download the latest CPinfo package from Check Point Download Center? y/n: [y]".

    Enter [y] and wait for the process to finish.


    For Windows OS, install the downloaded package, following instructions in the Installation shield, then reboot the machine.

    Notes:
    • Support for management databases that contain non-English characters is planned to be added into CPinfo utility. For more information, refer to sk109795

    • To be able to download the latest CPinfo, enable the "Automatically download Contracts and other important data" option in the Security Management section of Global Properties

    • To be able to upload the CPinfo output to Check Point, enable the "Improve product experience by sending data to Check Point" option in the Security Management section of Global Properties.

    For more information, refer to sk111080 - How to configure Check Point software to upload data to Check Point / download data from Check Point.

  4. In Multi-Domain Management Server, reassign the Global Policy before running the cpinfo -iR command.
    For more information, refer to sk98408.

  5. Verify that you are running the latest CPInfo version. Run:  

    [Expert@HostName]# cpinfo -v

    The output should be: "This is Check Point CPinfo Build 914000xxx for GAIA"
    The minimal required build is 914000128.

  6. Run the CPinfo and notify users about upload status:

    cpinfo -iR <e-mail address>

    Example:

    For Gaia OS: cpinfo -iR "e-mail1@domain.com;e-mail2@domain.com;e-mail3@domain.com"
    For Windows OS: cpinfo -i -R "e-mail1@domain.com;e-mail2@domain.com;e-mail3@domain.com"

  7. If the license installed on the machine does not have a valid CK, you will be prompted to enter your User Center username and password.

    Example:

    "No Valid CK found. Username and password are needed
    Enter your User Center username: <e-mail.address@yourdomain.com>
    Password:
    verifying credentials..."


  8. Wait for the process to finish.
    Once all relevant files have been successfully uploaded to Check Point, an e-mail will be sent to the e-mail address provided in the command.

Note: Automation processing time is usually up to 24 hours from submission, result e-mail will be sent to the address provided in the command.

 

Offline Mode

If Internet connectivity is not available, disable the "Automatically download Contracts and other important data" and "Improve product experience by sending data to Check Point" options in the Security Management section of Global Properties to prevent the CPinfo utility attempts to connect to Check Point. 

For more information, refer to sk111080 - How to configure Check Point software to upload data to Check Point / download data from Check Point.

  1. Download and manually install the latest CPinfo package:

    Platform Download CPinfo
    CPinfo for Gaia OS
    CPinfo for Windows OS

    For CPinfo installation instructions, refer to sk92739 - The CPinfo utility.

  2. Connect to command line on Security Management Server.

    Note: StandAlone installation, Secondary Security Management and SmartEvent blade are not supported.

  3. Log in to Expert mode.

  4. In Multi-Domain Management Server, reassign the Global policy before running the cpinfo -iR command. For more information, refer to sk98408.

  5. Check the build number of CPinfo utility. Run:
    [Expert@HostName]# cpinfo 

    The output should be

    This is Check Point CPinfo Build 914000xxx for GAIA

    Verifying CK...

    OR run

    [Expert@HostName]# cpinfo -v

    The output should be: "This is Check Point CPinfo Build 914000xxx for GAIA"

  6. Run the CPinfo:

    For Gaia OS: cpinfo -iR "e-mail1@domain.com;e-mail2@domain.com;e-mail3@domain.com"
    For Windows OS: cpinfo -i -R "e-mail1@domain.com;e-mail2@domain.com;e-mail3@domain.com"

    Note: Support for management databases that contain non-English characters is planned to be added into CPinfo utility. For more information, refer to sk109795.

  7. Upload the CPinfo files.This can be done in two different ways.

    First option: Upload the CPinfo files using Check Point Uploader:

    • Copy the CPinfo output files to an online Windows-based machine.

      Note: Names of files should be in the following naming convention: [10 Digits]_[1Digit]o[1Digit]_*

      Example:

      1907139894_1o1_onetera127_21_3_2016_14_36.info.gz

      OR

      0182970633_1o2_gw-b95d4f_20_3_2016_12_48_mds_export_out.tgz
      0182970633_2o2_gw-b95d4f_20_3_2016_12_48.info.gz

    • Verify that the 'R80 Upgrade Verification Service' checkbox at the bottom is selected.
      If this checkbox is not selected, the offline process will upload the files, but they will not be automatically simulated. Files will be uploaded to our secure FTP server, but remain untouched.

      Note: In Offline Mode, enter your e-mails again in the Check Point Uploader GUI as these are separate tools.

      Important: When uploading files files from R80 environment via Check Point Uploader, do not enter the SErvice Request Number.

      Example:




    Second option: Upload the files using CPInfo.


    Tо upload files to R80 Upgrade Verification service from an online machine (which has no Check Point products installed on it), use the following syntax: 

    # cpinfo -n -r R80_desk -u user@exampledomain.com -s <SR number> -e “user1@exampledomain.com;user2@exampledomain.com” -f <MGMT machine migrate export file>out.tgz <MGMT machine file>.info.gz

    Where
    Flag Functionality Comments
    -n Do not generate the CPInfo file Info output file will not be created 
    -u Connect to Check Point User Center with specified username 
    • User will be asked to enter a password 
    • Mandatory when running CPInfo on a machine with no Check Point products installed
    -s Specify the number of Service Request opened with Check Point Support  Optional 
    -e Specify the e-mails of people that should be notified about upload status  Must be enclosed in double-quotes and separated by semi-colons 
    -f Upload the files specified
    Multiple files must be separated by spaces

 

For IPSO OS

Customers running an IPSO-based Security Management Server can also use the Environment Simulation service to check the results of a Management upgrade. Note that an IPSO-based Security Management Server cannot be upgraded to R80. The new R80 Security Management Server will have to be set up on another appliance, which is capable of supporting R80.

Follow the procedure below to update the CPinfo to the latest version (one-time update):

  1. Check the current CPinfo version and write it down. Run:

    cpinfo -v

    The output should be  "This is Check Point CPinfo Build 914000xxx for IPSO" 

  2. Run the cpinfo -an command to download the new package.

    Note: This command does not install CPinfo.

  3. Copy the downloaded package to your working directory:

    cp /opt/packages/cpinfo_914000xxx.tgz

  4. Uninstall the current CPinfo package. Run:

    clish -c "set package name /opt/CPinfo-10 off"
    clish -c "delete package name /opt/CPinfo-10"

    (Ignore the message asking you to log out)

  5. Install the new package:

    clish -c "add package media local name cpinfo_914000xxx.tgz

  6. Check the CPinfo version to see that it was updated by running:

    cpinfo -v

 


 

Related solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment