Check Point introduces a new upgrade mechanism for the Security Management server for upgrades between R8X versions (from R80.20 and higher).
The new Security Management Upgrade mechanism provides several benefits:
- Includes updatable code that allows faster release of upgrade-related features and fixes.
- Security Management Servers with online access to checkpoint.com will be able to fetch the latest available upgrade packages automatically, eliminating the need for an administrator to download and import upgrade packages manually.
- New dynamic HTML upgrade report that shows the current status while the upgrade is in progress and the final report once the upgrade is done.
The matrix below lists the source versions from which you can upgrade (left-most column) and the target versions to which you can upgrade (other columns) using the new upgrade mechanism.
- This upgrade path is supported.
- This upgrade path is not supported (the source version is higher than or equal to the target version).
- This upgrade path is not handled by the "new upgrade", but by another mechanism.
In some cases, you must manually update the Upgrade Tools to the latest version to perform the upgrade. These cases are:
- Poor Internet connectivity between the Management Server and Check Point Download Center.
- The Management Server is not connected to the Internet.
- The setting to perform an automatic update of the CPUSE Agent is disabled (Gaia Portal -> Upgrades (CPUSE) -> Software Updates Policy -> the checkbox "Automatically update Deployment Agent (recommended)" is cleared).
To install the latest version of the Check Point Upgrade Tools Package manually:
Make sure your Deployment Agent is up-to-date.
To download the latest Deployment Agent, refer to sk92449.
Download the applicable Check Point Upgrade Tools Package from the table below:
IMPORTANT: Do NOT open the TGZ file and do NOT manually install the RPM file.
Follow the instructions below to import and install the upgrade tools package with CPUSE only.
If CPUSE cannot install this package, contact Check Point Support for assistance.
Make sure the hash checksum of the downloaded package is the same as appears on its download page in the fields MD5, SHA1, or SHA256.
Import the Check Point Upgrade Tools Package on the Management Server in one of these ways:
In Gaia Portal:
Refer to sk92449 - section (4-A-c) Show / Hide import instructions for Offline procedure - Gaia Portal
In Gaia Clish:
Refer to sk92449 - section (4-A-d) Show / Hide import instructions for Offline procedure - Gaia Clish
Install the Check Point Upgrade Tools Package on the Management Server in one of these ways:
In Gaia Portal:
Refer to sk92449 - section (4-B-a-i) Show / Hide installation instructions in Gaia Portal for Hotfixes
In Gaia Clish:
Refer to sk92449 - section (4-B-a-iii) Show / Hide installation instructions in Gaia Clish for Hotfixes
Make sure the package is installed on the Management Server.
Run in the Expert mode:
cpprod_util CPPROD_GetValue CPupgrade-tools-<VERSION> BuildNumber 1
<VERSION> is the target version, to which you plan to upgrade. One of these:
R81.20, R81.10, R81, R80.40, R80.30, R80.20.M2, R80.20
Example:
[Expert@MyMgmt]# cpprod_util CPPROD_GetValue CPupgrade-tools-R81.20 BuildNumber 1
The output must show the same build number you see in the name of the downloaded TGZ package.
Important - Output of the "cpinfo -y all" command does not show the Upgrade Tools Package because it is not an update / hotfix package.
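The checksum comparison from the step above (the MD5, SHA1, or SHA256 fields on the download page) can be scripted before the package is imported into CPUSE. This is an added example, not Check Point code: the function name verify_pkg_hash is hypothetical, and it assumes the standard md5sum, sha1sum and sha256sum utilities are available on the machine where you run it.

```bash
#!/bin/bash
# Added example (not part of the original article).
# Compares a downloaded package against the digest published on its download
# page. The algorithm is inferred from the digest length:
#   32 hex chars = MD5, 40 = SHA1, 64 = SHA256.
# Return codes: 0 = match, 1 = mismatch, 2 = bad input.

verify_pkg_hash() {
    # $1 = path to the downloaded TGZ, $2 = digest copied from the download page
    local file="$1" expected tool actual

    # Normalise the pasted digest: drop whitespace, lower-case the hex letters
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }

    # Reject an empty value or anything that is not pure hexadecimal
    case "$expected" in
        ''|*[!0-9a-f]*) echo "ERROR: digest is not hexadecimal" >&2; return 2 ;;
    esac

    case "${#expected}" in
        32) tool=md5sum ;;
        40) tool=sha1sum ;;
        64) tool=sha256sum ;;
        *)  echo "ERROR: unexpected digest length ${#expected}" >&2; return 2 ;;
    esac

    # Hash via stdin so unusual file names cannot alter the tool's output format
    actual=$("$tool" < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $tool matches for $file"
        return 0
    fi
    echo "MISMATCH ($tool): expected $expected, got $actual" >&2
    echo "Do not import this package into CPUSE." >&2
    return 1
}

# Run directly as: ./verify_pkg_hash.sh <package.tgz> <digest from download page>
if [ "$#" -eq 2 ]; then verify_pkg_hash "$1" "$2"; fi
```

Where the download page lists several fields, compare against SHA256, because MD5 and SHA1 are no longer collision-resistant.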
Note for the Advanced Upgrade
If you encountered one of the "Symptoms" of sk164932, use the '-skip_upgrade_tools_check' flag during any migration operation, after you update the Upgrade Tools package to the latest version:
Refer to sk163814 - Security Management Upgrade troubleshooting (new upgrade process).
Schedule a maintenance window. The "migrate_server" command may restart all Check Point services on your Management Server.
On a Multi-Domain Security Management Server, the "migrate_server" command covers all Domains, as opposed to the previous "migrate" script that only collected the local Domain, to which you were currently logged in.