Friday, October 19, 2012

Upgrade the Check Point Security Management server from SPLAT R71.45 to R75.40

There is official way to upgrade Check Point SPLAT solutions based on SPLAT.
Bellow I've described my way to upgrade CP Security Management server (SMART center).
My SMART center installed on the HP Proliant DL380g6 server.
First of all you have to check state and version :). I've done it using CP SmartView monitor.
As you can read at the upgrade procedure document, you have to check contracts files.
I've done it using SmartUpdate tool.
On the next stage you should do backup your system. I've used two method: backup (using backup script from the CPUG forum) and snapshot.
Here is backup script:


#!/bin/sh -x
# Set Check Point profile for library settings!
. /etc/profile.d/CP.sh
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/CPsuite-R65/fw1/
FILENAME="`uname -n`"_"`/bin/date +%m-%d-%Y_%H%M`"
### update system clock
###/usr/sbin/ntpdate 4.2.2.2
###
### create /var/tmp/upgrade_export
mkdir /var/tmp/upgrade_export
### Enter /var/tmp directory
###
cd /var/tmp/upgrade_export
###
### Remove the temp directory if exists
rm -rf $FILENAME
###
### Create upgrade_export directory
mkdir /var/tmp/upgrade_export/$FILENAME
###
### Enter temporary upgrade export directory
cd /var/tmp/upgrade_export/$FILENAME
###
### Gather system important information
###
/bin/set_host >> info.txt
/bin/echo ------------- >> info.txt
/bin/save_ifconfig -a >> info.txt
/bin/echo ------------- >> info.txt
/bin/netstat -rnv >> info.txt
/bin/echo ------------- >> info.txt
/bin/cat /etc/hosts >> info.txt
/bin/echo ------------- >> info.txt
/bin/cat /etc/sysconfig/netconf.C >> info.txt
###
### Start the upgrade_export process
###echo Y | /opt/CPsuite-R65/fw1/bin/upgrade_tools/upgrade_export $FILENAME
${FWDIR}/bin/upgrade_tools/upgrade_export -n ${FILENAME}
###
### pack up files and zip them up
cd /var/tmp/upgrade_export
tar -cf $FILENAME.tar $FILENAME
gzip $FILENAME.tar
###
### Remove temporary directory
rm -rf $FILENAME
###
### At this point what you may want is to transfer this $FILENAME.tar.gz file
### to a safe external system with Secure Copy Protocol or scp.
### Make sure to use the "admin" account when you get this file from the SCP
### server.
### Enjoy !!!!!!
### copy this file to a scp server
###/usr/bin/scp $FILENAME.tar.gz root@192.168.1.1:/var/backups/.
### Finish


Script was placed at the admin home folder, and run from expert mode

[Expert@hostname-sc00]# /home/admincp/backup-script

As the result you have one file at the /var/tmp/upgrade_export folder
This file you have to copy to the backup server. I've done it manually using WinSCP.

Next I've used the classical snapshot procedure.

Make sure that snapshot file successfully copied to the FTP-server.

And now you can do the upgrade procedure.
I've used many ways, but only one method was successfully.
It is upgrade through ILO-interface and ISO-file. 
Well, logon to ILO.

Login to CP console.

Add image file.

Start path command.

We've already done snapshot.

After extract files there are welcome window.

Is reading license agreement.

Select the Upgrade option.
Notice about contract information.

Our contract verification succeeded.

Select source for upgrade (from CD).

Pre-upgrade verification procedure.

Warning message.

And next option:

Validation our installed products.

Upgrading.

Installing PSM.

And finish.

Reboot server.

After reboot I've noticed wonderful information at the CP console.

Then you can login through SSH and check version of SPLAT.

[hostname-sc00]# ver
This is Check Point SecurePlatform Pro R75.40 Build 069
[hostname-sc00]#

And using CP SmartView monitor.

That's all. Have a good upgrading!

1 comment:

  1. Security management software is very important in incident management, investigations and resolving crimes.
    Security Management Software

    ReplyDelete