I will release a new video on "How to upgrade Check Point Clusters to R81.10 with MVC" that will be a lot more structured and shorter.
The point of this video is to get more of a live feeling on how to upgrade and make you think and lab about the topic.
There are mistakes made in this upgrade on purpose to highlight issues and the importance of doing things in the correct order.
Best video I've seen on YouTube to upgrade CheckPoint Cluster. Thank you very much and continue. All the best 😀
Glad it helped!
Man!!! This is gold!! thank you sooo much for uploading this with such a great explanation. Loved it!! I have to do this next week for both VSX and Regular clusters. Now I feel more confident!!
Hehe, there are some additional tips and tricks for VSX upgrades. Maybe time to fix that video also 😁
Thank you Magnus!! waiting for your how to video.
You're welcome :)
Yes, more how-to videos to come.
Great video Magnus! I'm a little confused with a step. In the Installation and Upgrade Guide, page 374, step 7, it says after installing policy in the upgraded node, it will become Active in the cluster. However, in your video it doesn't happen (35:05). You had to launch cpstop to failover. Regards!
ClusterXL_admin down is a better command to use than cpstop. So maybe I need to remake this video :)
Which cluster member becomes active depends on what your settings are for recovery. I have mine on maintain active member so I can pick when I want to do failovers.
Thanks for your videos Mr. Magnus, when you have time and remember us mortals, maybe you can do an upgrade video on VSX with VSLS :)
Hehe, I have been wanting to do such a video for a long time.
Waiting for some lab to be done so I can do it on real equipment, but I have more or less upgraded 15 production clusters in the last months, so I have got the process under the belt now 😂
Hello Magnus, can you post a video upgrading VSX as well, probably from R80 to R81 if possible? That would help out a lot of folks.
Yes, I will make VSX upgrade videos; there are more steps as mgmt is involved.
@MagnusHolmberg-NetSec VSX in a VSLS environment would be great. Thanks!
Great video sir❤❤❤❤
Thank you :)
excellent Vid, just about to start upgrading a few clusters, watch -d -n 15 "fw tab -t connections -s" :)
Hehe, keep in mind that this is a training video and not my “how to”, so make sure to check the end as I take up things like priority on the members; also, failover should be done with ClusterXL Admin down and not cpstop and such.
But given you know the command specified above, I am sure you understood this as well; always good to freshen up some knowledge :)
@MagnusHolmberg-NetSec I do enjoy playing in the lab environment and have to say, I do tend to learn more while playing and watching others. My upgrades went well and did not break anything, which is always good :))
@TheSprog67 7 of 15 VSX upgrades done, 5 TAC cases so far…
@MagnusHolmberg-NetSec As long as you got away with the upgrade and did not have to roll back, fingers crossed :)))
Hi @Magnus, thanks for the video. Quick question: when we upgraded a cluster managed by MDS, after the upgrade we had an issue that Remote Access did not work properly. Then we downgraded, and once the downgrade was done, a Threat Emulation error occurred. Have you experienced that kind of issue during an upgrade of a cluster managed by MDS?
Hi, for me upgrading MDS has been working well. I have sometimes missed that I had edited .user.def, but other than that I have experienced no issues with upgrading mgmt servers. I haven't used Check Point remote access for the last years.
Hi Magnus,
Please make some training of Cluster BGP peering with or without VIP usage, and failover behavior.
Hi Sir Magnus, can you create a tutorial video on the setup of a Check Point VSX Cluster with the VSes failover process? What is the difference between ClusterXL_admin down and vsx_util reconfigure? Hope you can explain this more in a separate video. Thank you for creating this kind of content.
Yes, I will make a VSX upgrade video.
I think there will be multiple, both for upgrades with CPUSE and upgrades with clean install and reconfigure, etc.
Tremendous!
Hi Magnus,
After upgrading my firewall from R80.40 to R81.10, normal credentials are not working; only admin credentials are working.
How do I fix this, and what could be the reason that normal credentials, which are authenticated through a RADIUS server, are not working when they were working prior to the upgrade?
Well explained
Thanks Mag !!
No one reads that manual, right?, riggght?!! 😅
Is the MVC upgrade only for significant version upgrades like R81 -> R81.10? Would I still use clusterXL_admin down for JHA updates?
I noticed today when I did a R81.10 JHA upgrade it had version out of sync warning. I don't recall the warning exactly now that I upgraded both cluster members.
The manual you read when you f-k up :) to see what you did miss :D
For jumbo hotfix I normally install policy and change the prio of the members to failover between members.
But the admin down would work too.
For mgmt servers it will warn if you have diff HFA between them. Maybe also for gateways, not sure. Have not thought about it; I always use the same so I tend to ignore some stuff.
@MagnusHolmberg-NetSec Haha "only when you f-- up" 💯. So true.
Thanks for the info on the rest.