Checkpoint R62 to R65 Upgrade

Hi All,

I would need your expert advise on how can we go about planning our Checkpoint upgrade from R62 to R65. Below is the details of our current setup:

- We have 3 Pair of Nokia IP1260 Firewall, which is running 4.2-BUILD089a03 and R62 Build 911000040.
- Then we have 2 Smartcenter Manager installed on seperate Windows 2003 Server.
- Then on One SmartCenter Server hasve 2 pairs of firewall added and the another server is having one pair of firewall connected to it.

So first we were thinkging is to move all the 3 Firewalls to the Single Smart Center Server first. So how do i go about doing this? Should i just export the config from the Existing Smart Center and import it to the other one? Then re-establish the sig from the new smart center to the firewall?Is there a step by step way to do this? Like how do i test that the firewall as normal?

Once we have moved all the firewall to the Single Smart Center, we will then upgrade the Smartcenter without any firewall connected to the R65 Version. Is there any step to step guide on how we can go about doing this? and what are the measures we need to take before doing this upgrade?

Once that is done, we planned to move the existing 3 pairs of R62 Firewalls to the New Smartcenter which has the R65 installed in it... By right R65 smart center shoudl be able to support the R62 Firewall right? How do we first test that the Firewall rules and settings from the R62 Smart Center goes well with the R65? Also how do we move over the config to the new R65? Is it a simple export and import?

LVL 11
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


First the merging of the firewalls:

Check the link below on how to use cp_merge to do this. I would not try importing anything on to your current management centers, build a new one so that you have a fresh server to work with in case things go wrong - you can then plug the original(s) in, reset sic and re-push the policies.

* build a new smartcenter with the same IP as your "main" smartcenter
* import the config using upgrade_export / upgrade_import
* now follow the instructions from the checkpoint sk to merge the second smartcenter policy:
* once you have this new smartcenter, isolate the other 2 from the network and drop the new one in
* re-establish sic and try pushing a policy to the firewalls.

Next the upgrade:

* make backups and then upgrade the new smartcenter to R65 - instructions are in the release notes for the upgrade package.
* reboot and try a policy push to test that all is well - R62 firewalls can be managed by R65 smartcenters.
* next upgrade the firewalls one at a time, checking that you can push a policy after each upgrade.

HTH, please post any questions / issues

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.