VSX Reconfigure and Upgrade Matrix to R77.10 / R77.20 / R77.30
Table of Contents:
This article describes the following procedures for VSX Gateway / VSX Cluster Members:
- reconfiguring (R77.10 / R77.20 / R77.30) - used to replace / rebuild the VSX machine after a failure or RMA
- upgrading (to R77.10 / R77.20 / R77.30) - used to upgrade the VSX machine to higher release
- rollback (from R77.20 / R77.30) - used to downgrade the VSX machine from R77.20 / R77.30
In contrast to non-VSX gateways, the VSX configuration resides on the Security Management Server / Domain Security Management Server that manages the VSX Gateway / VSX cluster member / Virtual Devices (VS, VSW, VR, VSB):
- Configuration that is stored on the Security Management Server / Domain Security Management Server:
- names of VSX objects
- configuration of Wrp/Wrpj interfaces
- VSX routes
- Local configuration that is stored on the VSX Gateway / VSX cluster member itself:
- OS configuration (e.g., DNS, NTP, DHCP, Dynamic Routing, etc.)
- any settings manually defined in various configuration files on VSX machine
To upgrade VSX to R80.10, refer to R80.10 Installation and Upgrade Guide:
- Chapter "Installing Security Gateways" - section "Installing VSX Gateways"
- Chapter "Upgrading Security Management Servers and Security Gateways" - section "Upgrading Security Gateways" - subsection "Upgrading a VSX Gateway"
- Chapter "Upgrading ClusterXL Deployments" - section "Connectivity Upgrade" - subsection "Upgrading VSX High Availability Cluster",
and sk107042 - ClusterXL upgrade methods and paths
(2) Reconfigure process
In the event of a catastrophic failure of a VSX Gateway / VSX cluster member, you can use the '
vsx_util reconfigure' command to restore the configuration of VSX Gateway / VSX cluster member, including the configuration of Virtual Devices (VS, VSW, VR, VSB).
(2-A) Reconfigure Procedures
(2-B) Reconfigure Limitations
The reconfigure process does not restore the local configuration that was performed on VSX Gateway / VSX cluster member itself. These settings have to be reconfigured manually from scratch / from backed up files.
The following will not be restored during the reconfigure process:
- Any OS configuration (e.g., DNS, NTP, DHCP, Dynamic Routing, DHCP Relay, etc.)
- Backup files and snapshots saved on the VSX Gateway / VSX cluster member in the past.
- Any settings manually defined in various configuration files on VSX machine.
Any Check Point configuration files.
Note: Some of these files do not exist by default. Some files are configured per VSX Gateway / VSX cluster member, and some files are configured per Virtual System.
List of most important files (many others exist):
(3) Upgrade process
(3-A) Upgrade Methods
VSX Gateway / VSX cluster member can be upgraded either by clean install, or by in-place upgrade (for minor releases only):
- Clean install - this procedure is available for upgrade from any version either to R77.10, to R77.20, or to R77.30.
Note: Before using clean install upgrade, refer to section "(2-B) Reconfigure Limitations".
- In-place upgrade - this procedure is available only for upgrade either from R77 to R77.10, or from R77 to R77.20, or from R77 to R77.30, or from R77.10 to R77.20, or from R77.10 to R77.30, or from R77.20 to R77.30.
This procedure keeps all previous configurations.
(3-B) Upgrade Procedures
Important Note: You must collect a complete backup of the Security Management Server / Multi-Domain Security Management Server and of the involved VSX Gateway / VSX cluster member. This will be used in case of rollback. Transfer the backup files to an external storage before the upgrade process.
(4) Rollback process
In case of problem during the upgrade process, you can perform rollback to your previous state.
- sk104859 - Check Point R77.30
- sk101208 - Check Point R77.20
- sk97617 - Check Point R77.10
- Release Notes (R76, R77, R77.10, R77.20, R77.30, R80).
- VSX Administration Guide (VSX NGX R65, VSX NGX R67, R75.40VS, R76, R77, R80).
- Installation and Upgrade Guide (R76, R77 Gaia, R77 Non-Gaia).
- Gaia Administration Guide (R76, R77).
- SecurePlatform Administration Guide (R76, R77).
- Command Line Interface Reference Guide (R76, R77).