Support Center > Search Results > SecureKnowledge Details
How to upgrade via clean install a Maestro Security Group from the R80.20SP / R80.30SP versions to the R81 for Scalable Platforms version Technical Level
Solution

Prerequisite: You must upgrade the Management Server to R81 (see sk166715) before you upgrade the Maestro Security Groups.

Important Notes:

  1. This procedure is not an upgrade to R81, but a clean install of R81.
    This procedure requires a total downtime.
  2. The software version of the Maestro Orchestrator remains R80.20SP.
  3. If you wish to perform an in-place upgrade without performing a clean install, you may upgrade to R81.10, refer to the Admin Guide
  4. Upgrade from R80.20SP or R80.30SP to R81 is not supported.
    Only R81 Clean Install is supported. (sk148074)

Procedure:

This procedure is an example for a Security Group that contains two appliances (appliance # 1 and appliance # 2) running R80.20SP.

Step For Security Group in the Security Gateway mode For Security Group in the VSX mode

1

On the Orchestrator:

Detach appliance # 2 from the Security Group.

On the Orchestrator:

Detach appliance # 2 from the Security Group.

2

On appliance # 2:

Perform a Clean Install of the R81 image for Scalable Platforms from sk169954.

Write down the Activation Key you entered during the installation. You use it later in SmartConsole.

On appliance # 2:

Perform a Clean Install of the R81 image for Scalable Platforms from sk169954.

Write down the Activation Key you entered during the installation. You use it later in the "vsx_util reconfigure" procedure.

3

On the Orchestrator:

Create a new Security Group # 2 as a Security Gateway with different traffic interfaces.

Best Practice - Although you can create the same Security Group again, it is better to create another Security Group before you delete the previous one.

On the Orchestrator:

Create a new Security Group # 2 in VSX mode with the same Management IP address, but different traffic interfaces.

Best Practice - Although you can create the same Security Group again, it is better to create another Security Group before you delete the previous one.

4

On the Orchestrator:

Configure the Security Group # 2.

On the Security Group # 2:

Configure the same settings as configured on the Security Group # 1 - interfaces, DNS, NTP, routes, other Gaia OS settings.

On the Orchestrator:

Shut down the Management interface of the Security Group # 1.

5

On the Orchestrator:

Assuming you use the same Management IP address - shut down the Management interface of Security Group # 1 (you can do it even before you create Security Group # 2).

On the Security Management Server:

Upgrade the VSX object.

Run: vsx_util upgrade

6

Prerequisite:

Make sure the Management Server can connect to the Management Port (on the Orchestrator) you assigned to the Security Group # 2

In SmartConsole:

  1. Open the Security Gateway object
  2. From the left tree, click General
  3. Reset the SIC:
    1. In the Secure Internal Communication section, click the Communication button
    2. Click the Reset button
    3. Click Yes to confirm
    4. Click OK
    5. Enter the one-time password - it is the Activation Key you entered during the installation
    6. Click Initialize
    7. Click OK
  4. In the Version field, select R81
  5. Update the topology configuration:
    1. From the left tree, click Network Management
    2. Click Get Interfaces > Get Interfaces With Topology
    3. Click Accept
  6. Click OK

Prerequisite:

Make sure the Management Server can connect to the Management Port (on the Orchestrator) you assigned to the Security Group # 2

On the Security Management Server:

Push the VSX configuration to the Security Group #2.

Run: vsx_util reconfigure

7

In SmartConsole:

Install policy on the Security Gateway object.

On the Security Management Server:

Follow sk171545 to change the value of the scalable_platform attribute to true in the GuiDBedit Tool.

Note: You must make this change in the VSX Gateway object and in the object of each Virtual System on this VSX Gateway.

8

On the Orchestrator:

Connect cables to traffic interfaces of the Security Group # 2 (requires a downtime).

On the Orchestrator:

Connect cables to traffic interfaces of Security Group # 2 (requires a downtime).

9

Perform initial tests.

Perform initial tests.

10

On the Orchestrator:

Detach appliance # 1 from the Security Group # 1.

On the Orchestrator:

Detach appliance # 1 from the Security Group # 1.

11

On the Orchestrator:

Delete the Security Group #1.

On the Orchestrator:

Delete the Security Group # 1.

12

On appliance # 2:

Perform a Clean Install of the R81 image for Scalable Platforms from sk169954.

On appliance # 2:

Perform a Clean Install of the R81 image for Scalable Platforms from sk169954.

13

On the Orchestrator:

Add appliance # 1 to Security Group # 2.

On the Orchestrator:

Add appliance # 1 to Security Group # 2.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment