Updating Check Point from R77.30 to R80.20

In autumn 2019, Check Point ended support for version R77.XX, so an update was required. Much has already been said about the differences between the versions and about the pros and cons of moving to R80. Let's talk instead about how to actually update Check Point virtual appliances (CloudGuard for VMware ESXi, Hyper-V, KVM Gateway NGTP) and what can go wrong.

So, we have 2 CCSE engineers, more than a dozen Check Point R77.30 virtual clusters, several clouds, several hotfixes and a whole sea of assorted bugs and glitches of every colour and size, all of it on a very tight schedule. Let's go!

Contents:

Preparation
Updating the management server
Updating the cluster

This is what a typical customer cloud environment with virtual Check Point looks like

Preparation

The first step is to check whether there are enough resources for the update. The minimum recommendations for R80.20 currently look like this:

    Type              CPU      RAM   HDD
    Security Gateway  2 cores  4 GB  from 15 GB
    SMS               2 cores  6 GB  -

The recommendations are described in the document CP_R80.20_GA_Release_Notes.

But let's be realistic. This is enough for a minimal configuration, but in practice we usually have HTTPS inspection enabled, SmartEvent running on the SMS, and so on, which of course calls for entirely different capacity. On the whole, though, no more than R77.30 needed.

But there are nuances, and they concern, first of all, the amount of physical memory. Many operations during the update itself will need hard disk space.

For the management server, the amount of free disk space needed depends on the volume of current logs (if we want to keep them) and on the amount of saved data, although we will no longer need much of it. Of course, for cluster nodes (unless you also store logs locally) none of this matters. Here is how to check whether you have the space you need:

  1. Connect to the Smart Management Server via SSH, switch to expert mode and enter the command:

    [Expert@cp-sms:0]# df -h

  2. In the output we will see something like this:

    Filesystem     Size Used Avail Use% Mounted on
    /dev/mapper/vg_splat-lv_current 30G 7.4G 21G 27% /
    /dev/sda1             289M 24M 251M 9% /boot
    tmpfs           2.0G 0 2.0G 0% /dev/shm
    /dev/mapper/vg_splat-lv_log           243G 177G 53G 78% /var/log

  3. For now we are interested in the /var/log partition.

Keep in mind that, depending on the policy for storing and deleting old log files, and on the size of the exported database, more space may be required. If, while the archive is being created, there is less free space than specified in the log file storage policy, the system will start deleting old logs and will NOT include them in the archive.

In addition, the update process itself needs at least 13 GB of unallocated hard disk space. You can check for it with the command:

[Expert@cp-sms:0]# pvs

We will see something like this:

PV   VG   Fmt Attr PSize PFree
/dev/sda3 vg_splat lvm2 a- 141.69G 43.69G

In this case we have 43 GB. There are enough resources. You can start the update.
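The two checks above (free space on /var/log from df -h, unallocated space from pvs) can be combined into one pass/fail gate to run before touching anything. This is an added example, not part of the original article; the sample outputs are the ones shown above, while the function names and the 40 GB export size are assumptions.

```bash
#!/bin/bash
# Added example: turn the df/pvs checks into a pass/fail gate.
# Sample outputs come from the article; on a live SMS pass "$(pvs)" and "$(df -h)".
REQUIRED_PFREE_GB=13   # unallocated space the update itself needs (from the article)

# awk helper: size token such as 43.69G, <141.69g or 512M -> GB
AWK_GB='function gb(tok,   u, v) {
    sub(/^</, "", tok); u = toupper(substr(tok, length(tok))); v = tok + 0
    if (u == "T") v = v * 1024
    else if (u == "M") v = v / 1024
    else if (u == "K") v = v / 1048576
    return v
}'

# Sum PFree (whole GB) over all physical volumes of VG $1; pvs output on stdin.
vg_pfree_gb() {
    awk -v vg="$1" "$AWK_GB"'
        $2 == vg { sum += gb($NF); found = 1 }
        END { if (!found) exit 1; printf "%d\n", sum }'
}

# Avail (whole GB) of mount point $1; df -h output on stdin.
mount_avail_gb() {
    awk -v mp="$1" "$AWK_GB"'
        $NF == mp { printf "%d\n", gb($(NF - 2)); found = 1 }
        END { if (!found) exit 1 }'
}

# $1 = pvs output, $2 = df -h output, $3 = space (GB) you expect the export to need.
precheck() {
    pfree=$(printf '%s\n' "$1" | vg_pfree_gb vg_splat) || { echo "vg_splat not found"; return 2; }
    avail=$(printf '%s\n' "$2" | mount_avail_gb /var/log) || { echo "/var/log not found"; return 2; }
    echo "PFree=${pfree}G (need ${REQUIRED_PFREE_GB}G); /var/log avail=${avail}G (need ${3}G)"
    [ "$pfree" -ge "$REQUIRED_PFREE_GB" ] && [ "$avail" -ge "$3" ]
}

SAMPLE_PVS='PV   VG   Fmt Attr PSize PFree
/dev/sda3 vg_splat lvm2 a- 141.69G 43.69G'
SAMPLE_DF='Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current 30G 7.4G 21G 27% /
/dev/sda1 289M 24M 251M 9% /boot
/dev/mapper/vg_splat-lv_log 243G 177G 53G 78% /var/log'

precheck "$SAMPLE_PVS" "$SAMPLE_DF" 40   # 40 GB is an assumed export size
```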

Updating the Check Point SMS management server

Before starting work, do the following:

  1. Install the Migration Tools package on the management server. To do this, download the image from the Check Point portal.
  2. Upload the archive to the management server via WinSCP into the folder /var/log/UpgradeR77.30_R80.20 (create the folder beforehand if necessary).
  3. Connect to the management server via SSH and go to the folder with the files: cd /var/log/UpgradeR77.30_R80.20/
  4. Unpack the file: tar -zxvf ./.tgz
  5. Run the pre_upgrade_verifier utility with the command: ./pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
  6. When the command completes, a report on configuration incompatibilities is generated. It is available at: /opt/CPsuite-R77/fw1/log/pre_upgrade_verification_report.(xls, html, txt). It is more convenient to download it via SCP and view it in a browser.
    To resolve the incompatibilities, use SK117237.
  7. Then run the pre_upgrade_verifier utility again to make sure that all causes of incompatibility have been eliminated.
  8. Next, collect information about the network interfaces and the routing table, and export the GAIA configuration:
    ip a > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    ip r >> /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    clish -c "show configuration" >> /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
  9. Download the resulting file via SCP.
  10. Take a snapshot at the virtualization level.
  11. Increase the SSH session timeout to 8 hours. How long you need depends on your luck: depending on the size of the exported database, the export can take from a few minutes to several hours. To do this:
    [Expert@HostName]# clish -c "show inactivity-timeout" shows the current timeout,

    [Expert@HostName]# clish -c "set inactivity-timeout 720" sets the new timeout (in minutes),

    [Expert@HostName]# echo $TMOUT shows the current expert-mode timeout,

    [Expert@HostName]# export TMOUT=3600 sets the new expert-mode timeout (in seconds); if you set the value to 0, the timeout is disabled.

  12. Download the SMS.iso image and mount it on the virtual machine.

    Before the next steps, double-check that you have enough space on your hard disk (remember, you need 13 GB).

  13. Before starting the configuration export, switch the log files with the command: fw logswitch

Exporting the configuration and logs

  1. Run the migrate export utility to export the configuration. To do this, go to the previously created folder: cd /var/log/UpgradeR77.30_R80.20/ and use the command: ./migrate export -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

    or

    go to the folder: cd $FWDIR/bin/upgrade_tools/ and
    run the command from there: ./migrate export -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

  2. Take the checksum of the archive: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz
  3. Save the resulting value in a notepad.
  4. Connect to the SMS via SCP and download the archive with the configuration to a workstation. Be sure to transfer the file in Binary mode.

Exporting the SmartEvent database

Here we need an already installed SMS of version R80. Any test installation will do.

  1. From that SMS we need a script located here: $RTDIR/bin/eva_db_backup.csh
  2. Upload the eva_db_backup.csh script via SCP to the folder: /var/log/UpgradeR77.30_R80.20/
  3. Connect to the SMS via SSH. Copy the file to the folder: cp /var/log/UpgradeR77.30_R80.20/eva_db_backup.csh $RTDIR/bin/eva_db_backup.csh
  4. Change the encoding: dos2unix $RTDIR/bin/eva_db_backup.csh
  5. Set the owner: chown -v admin:root $RTDIR/bin/eva_db_backup.csh
  6. Set the permissions: chmod -v 0755 $RTDIR/bin/eva_db_backup.csh
  7. Start the SmartEvent database export: $RTDIR/bin/eva_db_backup.csh
  8. Download the resulting files via SCP: $RTDIR/bin/-db-backup.backup and $RTDIR/bin/eventiaUpgrade.tar to a workstation.

Update

  1. Go to the GAIA WebUI of the SMS → CPUSE → Show all packages.
  2. If CPUSE reports an error connecting to the Check Point cloud, check the DGW, DNS and Proxy settings.
  3. If everything is correct and the error persists, update CPUSE manually, following sk92449.
  4. Download the image and run the Verifier. If necessary, fix the incompatibilities.

    As a result, you should see this message:

  5. Select R80.20 Fresh Install and Upgrade for Security Management.
  6. When installing the update, select Clean Install. After installation, the system will reboot.
  7. Go through the First Time Wizard.
  8. After logging in, check the accounts.
  9. Connect to the SMS via SSH and change our user's shell to /bin/bash/:

    set user <username> shell /bin/bash/

    save config (in case we want /bin/bash/ to remain the default shell after a reboot).

  10. Next, connect to the SMS via SCP and transfer the archive with the configuration, SMS_w_logs_export_r77_r80.tgz, in Binary mode to the folder /var/log/UpgradeR77.30_R80.20/
  11. Take the checksum of the archive: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz and compare it with the earlier value. The checksums must match.
  12. Increase the SSH session timeout to 8 hours. To do this:

    [Expert@HostName]# clish -c "show inactivity-timeout" shows the current timeout,

    [Expert@HostName]# clish -c "set inactivity-timeout 720" sets the new timeout (in minutes),

    [Expert@HostName]# echo $TMOUT shows the current expert-mode timeout,

    [Expert@HostName]# export TMOUT=3600 sets the new expert-mode timeout (in seconds). If you set the value to 0, the timeout is disabled.

  13. To import the settings, run the migrate import utility. To do this, go to the folder: cd $FWDIR/bin/upgrade_tools/ and run the import: ./migrate import -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

Now get on with your life for the next few hours. DO NOT interrupt your SSH SESSION while the process is running. At the end, the migration process will display either a success message or an error.
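The checksum steps (export steps 2 to 4 and update steps 10 and 11) as an added example, not from the original article: the checksum travels in a sidecar file instead of a notepad, and the import is gated on it. The stand-in file, the function names and the simulated text-mode transfer are constructed for illustration.

```bash
#!/bin/bash
# Added example: keep the checksum in a sidecar file that travels with the archive,
# and check it before "migrate import". File names here are temporary stand-ins.

# Old server, after "migrate export": write <archive>.md5 next to the archive.
record_checksum() {
    ( cd "$(dirname "$1")" && md5sum "$(basename "$1")" > "$(basename "$1").md5" )
}

# New server, before "migrate import": 0 = match, 1 = mismatch, 2 = file missing.
verify_checksum() {
    [ -f "$1" ] && [ -f "$1.md5" ] || return 2
    ( cd "$(dirname "$1")" && md5sum -c "$(basename "$1").md5" >/dev/null 2>&1 ) || return 1
}

# What a text-mode (non-Binary) transfer does to a file: every LF becomes CR LF.
simulate_ascii_transfer() {
    awk '{ printf "%s\r\n", $0 }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed demo: "ok" for an intact copy, "corrupt" after a text-mode transfer.
demo() {
    dir=$(mktemp -d) || return 1
    archive="$dir/SMS_export_standin.tgz"
    printf 'constructed stand-in\nfor the exported archive\n' > "$archive"
    record_checksum "$archive"
    verify_checksum "$archive" && first=ok || first=corrupt
    simulate_ascii_transfer "$archive"
    verify_checksum "$archive" && second=ok || second=corrupt
    rm -rf "$dir"
    echo "$first $second"
}

demo   # prints: ok corrupt
```

MD5 is used here because the article uses it; it catches a damaged transfer, which is the failure the Binary-mode warning is about.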

Post-update checks

  1. Available resources.
  2. SIC with the GW.
  3. Licenses. If licenses are displayed incorrectly or are not visible in the SMS, run the vsec_central_license command to distribute licenses.
  4. Policy installation.

Importing the SmartEvent database

  1. Enable the SmartEvent blade.
  2. Connect to the SMS via WinSCP and upload, in binary mode, the previously downloaded files -db-backup.backup and eventiaUpgrade.tar to the folder /var/log/UpgradeR77.30_R80.20/
  3. Run the script with the command: $RTDIR/bin/eventiaUpgrade.sh -upgrade /var/log/UpgradeR77.30_R80.20/eventiaUpgrade.tar
  4. Check the status: watch -n 10 eventiaUpgrade.sh
  5. Check the logs in SmartEvent. Go!

Updating the Check Point GW cluster (Active/Backup)

Before starting work

  1. Save the GAIA configuration from each cluster node to a file with the command: clish -c "show configuration" > ./.txt
  2. Download the files using WinSCP.
  3. Connect to the WebUI of both nodes and go to the CPUSE tab → Show all packages.
  4. Find the update package for version R80.20 Fresh Install and click Download.
  5. Check that the CCP protocol is working in Broadcast mode; to do this, enter the command: cphaprob -a if
    If Multicast mode is set, change it with the command: cphaconf set_ccp broadcast (the command is run on each node).
  6. Set Downtime for the affected nodes in your monitoring system.
  7. Check that the MAC Address Changes and Forged Transmits options are enabled at the virtualization level for the synchronization network.

Update

  1. Connect via SSH to the Active node and run the command to monitor the cluster state: watch -n 2 cphaprob stat
  2. Go back to the WebUI of the Standby node, open the CPUSE tab and, for the R80.20 Fresh Install package, run the Verifier.
  3. Review the Verifier report. If installation is allowed, move on.
  4. Select the R80.20 Fresh Install package and run Upgrade. During the upgrade the system will reboot. The GAIA settings are preserved. During the reboot, monitor the cluster state. After it boots, the state of the updated node should change to READY. In a number of cases we saw the node that had not yet been updated switch to Active Attention and stop seeing the state of the updated node. Don't panic: this outcome is also acceptable.
  5. When the update is complete, open SmartDashboard.
  6. Open the cluster object and change the cluster version from R77.30 to R80.20. Click OK. If an error appears when saving the changes:
    An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation),
    follow SK119973. After that, save the changes and click Install Policy.
  7. In the installation settings, uncheck the option For gateway clusters, if installation on a cluster member fails, do not install on that cluster.
  8. Install the policy. The system will report an error for the Active node that has not yet been updated.
  9. Connect to the updated node via SSH and run the command to monitor the cluster state: watch -n 2 cphaprob stat
  10. Connect to the WebUI of the Active node and go to the CPUSE tab → Show all packages. Find the update package for version R80.20 Fresh Install and click Download.
  11. Set Downtime for the affected nodes in your monitoring system.
  12. Go back to the WebUI of the Active node, open the CPUSE tab and, for the R80.20 Fresh Install package, run the Verifier.
  13. Review the Verifier report. If installation is allowed, move on.
  14. Select the R80.20 Fresh Install package and run Upgrade. During the upgrade the system will reboot. The GAIA settings are preserved. During the reboot, monitor the cluster state from the node that has already been updated. After the reboot, the cluster state of the updated node will change from READY to ACTIVE.
  15. When the Upgrade process is complete, open SmartDashboard and install the policy.

Post-update checks

  • Events in SmartLog, the state of VPN tunnels.
  • GAIA settings.
  • Cluster recovery after a failover test.
  • Licenses and contracts. If licenses are displayed incorrectly or are not visible in the SMS, run the vsec_central_license command to distribute licenses.
  • CoreXL.
  • SecureXL.
  • Hotfixes and CPinfo on both nodes.

Conclusion

In general, that's all for now: you are updated.

For us, the whole process took on average 6 to 12 hours, depending on the size of the exported database. The work was carried out over two nights: one for updating the SMS, the second for the cluster.

There was no traffic downtime, even though we ran into every one of the situations described above ourselves.

Of course, sometimes completely new problems can come up during an update, but this is Check Point and, as we all know, there is always a hotfix!

Good black-and-red nights and happy updating!

Source: www.hab.com
