We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Checkpoint Firewall upgrade failed

foad
foad asked
on
Medium Priority
1,302 Views
Last Modified: 2012-05-11
We have (2) Nokia ip560's, they were running ipso 4.2 and r65, had vendor upgrade management server (splat) no issue. Then took secondary 560 out of cluster, upgraded ipso to 6.2, then upgraded to R71, no issue, then when we tried to join it back to cluster with existing primary that is on ipso 4.2 and R65, it fails with -> Cluster password authentication failure. We went in and verified it had correct password, then tried again, same error. We then went into Primary box did "change password" and tried it with new password, same error?

I've read through a ton of notes, and even ipso 6.2 release notes and it says that 6.2 will work with 4.2?

I received this reply from CPUG posting I put up:
You can not make any working Cluster with different software versions. R65 will never works together with R71, both cluster member should have the same version of CP software.

I then forwarded his reply to our FW vendor and this is what he said:
The information you provided is true. However, we were trying to bring the secondary unit into the IPSO cluster, which was prior to turning on the Checkpoint piece on the unit.
This IPSO clustering is to be independent of applications running on the units.

????
Comment
Watch Question

CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Ok, so your saying that we need to make Upgraded (Now R71) 560 primary, break cluster, upgrade previous primary (R65, 4.2) to 6.2 and R71 then rejoin both to Cluster?
CERTIFIED EXPERT

Commented:
As we have the cluster config on the new (upgraded node) and as long as SIC still works, we can simply turn off the old unit and turn on the new one.  Push policy and all will be well, with a one node cluster.

As soon as the other unit is upgraded, we can add to cluster, get CP sync working and then push policy for a working 2 node cluster
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.