Checkpoint R62 to R65 Upgrade

Hi All,

I would need your expert advise on how can we go about planning our Checkpoint upgrade from R62 to R65. Below is the details of our current setup:

- We have 3 Pair of Nokia IP1260 Firewall, which is running 4.2-BUILD089a03 and R62 Build 911000040.
- Then we have 2 Smartcenter Manager installed on seperate Windows 2003 Server.
- Then on One SmartCenter Server hasve 2 pairs of firewall added and the another server is having one pair of firewall connected to it.

So first we were thinkging is to move all the 3 Firewalls to the Single Smart Center Server first. So how do i go about doing this? Should i just export the config from the Existing Smart Center and import it to the other one? Then re-establish the sig from the new smart center to the firewall?Is there a step by step way to do this? Like how do i test that the firewall as normal?

Once we have moved all the firewall to the Single Smart Center, we will then upgrade the Smartcenter without any firewall connected to the R65 Version. Is there any step to step guide on how we can go about doing this? and what are the measures we need to take before doing this upgrade?

Once that is done, we planned to move the existing 3 pairs of R62 Firewalls to the New Smartcenter which has the R65 installed in it... By right R65 smart center shoudl be able to support the R62 Firewall right? How do we first test that the Firewall rules and settings from the R62 Smart Center goes well with the R65? Also how do we move over the config to the new R65? Is it a simple export and import?

LVL 11
Who is Participating?

First the merging of the firewalls:

Check the link below on how to use cp_merge to do this. I would not try importing anything on to your current management centers, build a new one so that you have a fresh server to work with in case things go wrong - you can then plug the original(s) in, reset sic and re-push the policies.

* build a new smartcenter with the same IP as your "main" smartcenter
* import the config using upgrade_export / upgrade_import
* now follow the instructions from the checkpoint sk to merge the second smartcenter policy:
* once you have this new smartcenter, isolate the other 2 from the network and drop the new one in
* re-establish sic and try pushing a policy to the firewalls.

Next the upgrade:

* make backups and then upgrade the new smartcenter to R65 - instructions are in the release notes for the upgrade package.
* reboot and try a policy push to test that all is well - R62 firewalls can be managed by R65 smartcenters.
* next upgrade the firewalls one at a time, checking that you can push a policy after each upgrade.

HTH, please post any questions / issues
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.