Support Center > Search Results > SecureKnowledge Details
Upgrade Tools package for upgrade from R80.20 and above Technical Level


Check Point introduces a new upgrade mechanism for the Security Management server, for upgrades between R8X versions (from R80.20 and higher).

The new Security Management Upgrade mechanism provides several benefits:

  • Includes updatable code that allows faster release of upgrade related features and fixes.
  • Security Management Servers with online access to will be able to fetch the latest available upgrade packages automatically, eliminating the need for an administrator to download and import upgrade packages manually.
  • New dynamic HTML upgrade report that shows the current status while upgrade is in progress and the final report once upgrade is done. 

Upgrade paths

The new upgrade mechanism is relevant when upgrading in the following paths:

Source / Destination R80.20 R80.20.M2 R80.30 R80.40 R81
R80.20.M1 V V V V V
R80.20 N/A V X V V
R80.20.M2 N/A N/A V V V
R80.30 N/A N/A N/A V V
R80.40 N/A N/A N/A N/A V

* N/A - invalid upgrade path (source version >= target version)
* X - valid upgrade path that is not handled by “new upgrade” but by another mechanism

In some cases, updating the Upgrade Tools manually to the latest is required to perform the upgrade. The cases are:

  1. Poor Internet connectivity between Management Server and Check Point Download Center.
  2. Management machines that are disconnected from the Internet.
  3. CPUSE -> Software Updates Policy -> "Automatically update Deployment Agent (recommended)" checkbox is cleared.

To manually install the latest version of Check Point Upgrade Tools Package:

  1. Make sure your Deployment Agent is up-to-date. To download latest Deployment Agent, refer to sk92449.

  2. Download the relevant Check Point Upgrade Tools Package from the table below:

    Target Version Download Link
    R80.20 (TGZ)
    R80.20.M2 (TGZ)
    R80.30  (TGZ)
    R80.40 (TGZ)
    R81 (TGZ)

    IMPORTANT: Do not open the TGZ file and try to manually install the RPM file. Follow the instructions below to import and install the upgrade tools package.

  3. Import the Check Point Upgrade Tools Package using the "Import Package" button:
    • Using the “Import package” button under CPUSE page in Gaia WebUI :

    • Using Clish:
      clish -c “installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR>

      For example:
      clish -c “installer import local /home/ngm_upgrade_wrapper_995000341_1.tgz”
  4. Make sure the package is installed. To do so, from the Expert mode, run:

    cpprod_util CPPROD_GetValue CPupgrade-tools-<version> BuildNumber 1

    where <version> can be R80.20, R80.20.M2, R80.30, R80.40 or R81


    cpprod_util CPPROD_GetValue CPupgrade-tools-R80.40 BuildNumber 1

    The output must show the same build number you see in the name of the downloaded package.

Advanced Upgrade Only

If you encountered one of the "Symptoms" of sk164932, use the '-skip_upgrade_tools_check' flag during any migration operation after updating the Upgrade Tools package to the latest.

  • The Verify command should be:

    [Expert@HostName:0]# $MDS_FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v <version>

    where <version> can be R80.20R80.20.M2, R80.30, R80.40 or R81


    [Expert@HostName:0]# $MDS_FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R80.40

  • The Export command should be:

    [Expert@HostName:0]# $MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -v <version> <output tgz file>

  • The Import command should be:

    [Expert@HostName:0]# $MDS_FWDIR/scripts/migrate_server import -skip_upgrade_tools_check -v <version> <export tgz file>

Give us Feedback
Please rate this document