Check Point R77.30 FW HA Cluster upgrade to R80.30 Distributed Deployment

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey guys how's it gone so in this video we'll be going over is the upgrade for a our 7730 cluster this is the virtual topology that I have created right now so we have a high availability cluster setup right here in the center with our 7730 with the primary here on top and the standby on the bottom this goes out to the internet through this switch and then we do have on the other side another switch that would be considered like your data plane so we do have a Windows 10 host as well as the our 8030 management and so since we're already on it our 8030 this is a fairly straightforward process luckily and let's go ahead and run through it really quickly so we have the Windows 10 host that's behind the gateways right now we have the default gateway set to the virtual IP of the cluster which is 10 by 0.03 and just to confirm let's make sure yes we do have the default gateway set to the cluster IP and since we're not really touching the management for this we don't have to do like a migrate export or anything and again this is a pretty straightforward process which is which is good for us so the first thing that we want to do is we want to check to make sure that the primary is actually really the active member right now so to do that lets go ahead and ssh into one of the gateways to really matter which one but let's go ahead and connect and we can do a cpha prague space state ok so we can see the local there's one that you're running the command on so 10.1 which is the primary right now is actually in the standby state and so you know we can actually just upgrade the secondary but for ever purposes will kind of let's just failover to the primary 10.1 and kind of do it like how the instructions and the checkpoint documentation has it so really to do that we can actually just open up another putty and SSH into the standby and we'll just do a sneaky stop okay and then we can actually just go ahead and run this again we can say we can see here now that this is the active one and we can do is see if you start on here again actually what we could have done is just a CPU restart right it's okay either way it's fine all right started successfully we come back over here yeah so we do have the active and standby and perfect so at this point what we can do is we can actually just go ahead and start the upgrade on the standby so if we go to 10.00 a to go to cpu SE and i already downloaded successfully this is the file that we'll be using you may need to obtain your configuration lock so if you don't already have this imported you can just click the download button before you can actually download it from the checkpoint website manual and use the import package button up here in the top right and then what you'd want to do is just to be safe is run the pre upgrade verifier okay installation is allowed upgrade is allowed and also before we do this we would want to go in where's it's yeah it's to snapshot management you want to make sure of course to create a snapshot for the lab purposes just to kind of show the process and won't necessarily run through this but I did look at the documentation and of course you want to make sure to have this to revert okay so let's go back here and at this point you can pretty much start up start the upgrade so let's go ahead and do this right now all right so our 8030 in-place upgrade is completed and it's automatically refresh the page after B reboot okay everything looks good system my plan is only one minute so just to make sure there's no pending upgrade in the background we can go to status and actions and go to all and to stay here as fully installed that's good okay we do have a notification installed self-test passed as well and we get the complete notification let's let it check for new available packages it's probably gonna have to install the new to play man agent I would assume all right we can apply the latest jumbo hot dick switch other time in this video is Gemma hot six take one ninety six just doing install trying to take too long to download it's only six hundred megabytes if you want to prepare beforehand as well you can always download this and just import it manually I just want to show you a while it's rebooting the internet still works of course because we're going to the active the primary firewall so this is really a zero downtime upgrade as they kind of call it alright successfully rebooted flow again make sure okay this is no time less than one minute so let's pop back in here let's go to all and it says jumbo hotfix installed self-test passed so everything is perfect it's good to go alright those are just the place timing out so at this point what we can do is we'll pop in here and just double check sick ok Trust is established X just six status communicating perfect will come into this cluster here and we'll change this to our 80 30 all right and now we can actually just go ahead and push policy what we're gonna want to do is to uncheck this option right here because it's going to fail since only one of the gateways is on are you 30 so to prevent that we uncheck this doing install it's fine 10.1 should fail that's fine 10.2 succeeded perfect so what we want to do now is actually let's go ahead and check on our gateways at this point see tha prob space state okay the 10.1 is still active so it's currently going through 10.1 let's pull up 10.2 as well just to double-check cpha prob space state state is ready so it's ready to go all right and we just got actually a check mark on 10.1 just good close to exhale inactive or machine is down okay well what should be fine let's go ahead and do a CP stop on this at this point the standby should pick it up so let's go there we go and we can see here that the state changed to active let's confirm that data is still traversing let's go here Netflix yeah make sure that it's not cached or anything cnn.com perfect Internet is still working and at this point we're pretty much good to go so we can just do the same thing that we did to to our standby gateway we'll do it - 10 by zu0 that one you don't need to do a CP start or anything you can still upgrade it when stopped those are these buddies and let's move on over to 1001 okay same thing I already imported the file here let's go ahead and get our admin lock and we already did the grep great verifier and it's part of a cluster so it should work as well it's for the demo we'll go straight into the upgrade of course you want to make sure that you do have a snapshot for this one as well okay and then we'll do the upgrade okay successfully rebooted on the primary it's gonna login we'll do the same thing double check okay so it's actually still wrapping some stuff up here okay and a couple of seconds will get the notification in the bottom left and then I'll start checking for updates I just click on the button all right we got the notification now it's checking for new packages all right it's going to applied the jumbo alright successfully keep leave the reboot system uptime less than one minute so let's go on here and install itself test pass perfect so we're good let's just give it another minute or so just because it's let's give it a second just to settle settle in system uptime let's wait like two minutes alright so let's go ahead and push policy and we can actually go ahead and put the checkmark back on this and there we go installation succeeded let's go ahead and check on our gateways cpha prop space again we can see here that local is on standby so the secondary machine is still the active okay yep so this one's active so what we can do is actually see if you restart okay CP restart is not supported in close to excel okay so let's just see if you stopped we run this command here and yeah we can see that the primary is now active secondary is lost right now we'll give it a second to complete the CP stop and then we'll just do a CP start okay CP to start and let's make sure the Internet's working right now oh well it should be working because this is active anyway and there we go we are done primary is active and standby is standby excellent let's go ahead and open up the web browser Netflix okay Yahoo yep Kristin so that's all there is to it thanks for watching and give any questions feel free to reach out all right take care

Info

Channel: Chris Martel

Views: 752

Rating: undefined out of 5

Keywords:

Id: PzqSb6uiTrI

Channel Id: undefined

Length: 14min 39sec (879 seconds)

Published: Wed Jun 10 2020