ProHoster > Блог > Nchịkwa > Na-emelite ebe nlele site na R77.30 ruo 80.20

Na-emelite ebe nlele site na R77.30 ruo 80.20

Na-emelite ebe nlele site na R77.30 ruo 80.20

N'oge ọdịda nke 2019, Check Point kwụsịrị ịkwado ụdị R77.XX, yana ọ dị mkpa imelite. Ekwuworị ọtụtụ ihe banyere ọdịiche dị n'etiti nsụgharị, uru na ọghọm nke ịgbanwere na R80. Ka anyị kwuo nke ọma maka otu esi emelite ngwa mebere Check Point (CloudGuard maka VMware ESXi, Hyper-V, KVM Gateway NGTP) yana ihe nwere ike ịgahie.

Yabụ, anyị nwere ndị injinia CCSE 2, ihe karịrị iri na abuo Check Point R77.30 mebere ụyọkọ, ọtụtụ igwe ojii, hotfixes ole na ole na oke osimiri nke ahụhụ dị iche iche, glitches na ihe niile, nke agba na nha niile, yana nakwa nnọọ uko n'obi imecha. Ka a pụọ!

Ọdịnaya:

Ọzụzụ
Na-emelite ihe nkesa njikwa
Na-emelite ụyọkọ

Na-emelite ebe nlele site na R77.30 ruo 80.20

Nke a bụ ihe akụrụngwa igwe ojii nke onye ahịa nwere ihe nlele nlele mebere dị ka

Ọzụzụ

Nzọụkwụ mbụ bụ ịlele ma enwere akụrụngwa zuru oke maka mmelite ahụ. Ihe kacha nta akwadoro maka R80.20 dị ka nke a:

Device

CPU

RAM

HDD

Ọnụ Ụzọ Nche

2 isi

4 Gb

Site na 15 GB

SMS

2 isi

6 Gb

-

A kọwara ndụmọdụ n'ime akwụkwọ ahụ CP_R80.20_GA_Release_Notes.

Ma anyị ga-enwe ezi uche. Ọ bụrụ na nke a zuru oke na nhazi kachasị nta, mgbe ahụ, dị ka omume na-egosi, anyị na-enwekarị nyocha https, SmartEvent na-agba ọsọ na SMS, wdg, nke, n'ezie, chọrọ ikike dị iche iche. Ma n'ozuzu, ọ dịghị ihe karịrị maka R77.30.

Ma enwere nuances. Na ha na-ejikọta, nke mbụ, na nha nke ebe nchekwa anụ ahụ. Ọtụtụ arụmọrụ ozugbo n'oge usoro mmelite ga-achọ ohere diski ike.

Maka ihe nkesa njikwa, nha ohere diski efu ga-adabere na olu nke ndekọ dị ugbu a (ọ bụrụ na anyị chọrọ ịzọpụta ha) yana ọnụọgụ nchekwa data echekwara, n'agbanyeghị na anyị agaghịzi achọ ha n'ọtụtụ buru ibu. N'ezie, maka ụyọkọ ọnụ (ọ gwụla ma ị na-echekwa ndekọ na mpaghara) ihe a niile adịghị mkpa. Nke a bụ otu esi elele ma ị nwere oghere ị chọrọ:

  1. Anyị jikọọ na Smart Management Server site na ssh, gaa na ọnọdụ ọkachamara wee tinye iwu:

    [Ọkachamara @ cp-sms:0] # DF -h

  2. Na mmepụta anyị ga-ahụ ihe dị ka nhazi a:

    Nha Sistemu Faịlụ ejiri nweta nnweta% agbanyere
    /dev/mapper/vg_splat-lv_current 30G 7.4G 21G 27% /
    /dev/sda1 289M 24M 251M 9% / buut
    tmpfs 2.0G 0 2.0G 0% / dev/shm
    /dev/mapper/vg_splat-lv_log 243G 177G 53G 78% /var/log

  3. Anyị nwere mmasị ugbu a na ngalaba / var / log

Biko mara na dabere na amụma maka ịchekwa na ihichapụ faịlụ ndekọ ochie, yana nha nchekwa data ebupụ, enwere ike ịchọkwu ohere. Ọ bụrụ na, mgbe ị na-eke ebe nchekwa, enwere ohere efu karịa ka akọwapụtara na amụma nchekwa faịlụ ndekọ, sistemụ ahụ ga-amalite ihichapụ ndekọ ochie na agaghị etinye ha na ebe nchekwa.

Ọzọkwa, maka usoro mmelite ahụ n'onwe ya, usoro ahụ ga-achọ ma ọ dịkarịa ala 13 GB nke ohere diski ike na-akwadoghị. Ị nwere ike ịlele ọnụnọ ya site na iwu a:

[Ọkachamara @ cp-sms:0]# pvs

Anyị ga-ahụ ihe dị ka nke a:

PV VG Fmt Attr PSize PFree
/dev/sda3 vg_splat lvm2 a- 141.69G 43.69G

N'okwu a, anyị nwere 43 GB. Enwere akụrụngwa zuru oke. Ị nwere ike ịmalite imelite.

Na-emelite ihe nkesa njikwa SMS Check Point

Tupu ịmalite ọrụ ị ga-eme ihe ndị a:

  1. Wụnye ngwugwu Ngwa Migration na ihe nkesa njikwa. Iji mee nke a, ịkwesịrị ibudata onyonyo site na portal Lee Point.
  2. Bulite ebe nchekwa na sava njikwa site na WinSCP n'ime nchekwa /var/log/UpgradeR77.30_R80.20 (ọ bụrụ na ọ dị mkpa, buru ụzọ mepụta folda).
  3. Jikọọ na ihe nkesa njikwa site na SSH wee gaa na nchekwa na ebe nchekwa:cd /var/log/UpgradeR77.30_R80.20/
  4. Mepee faịlụ ahụ:tar -zxvf ./<aha faịlụ>.tgz
  5. Anyị na-eji iwu a malite ọrụ pre_upgrade_verifier: ./pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
  6. Mgbe emechara iwu ahụ, a ga-ewepụta akụkọ maka ntọala na-ekwekọghị ekwekọ. Ọ dị na: /opt/CPsuite-R77/fw1/log/pre_upgrade_verification_report.(xls, HTML, txt). Ọ ka mma bulite ya site na SCP wee lelee ya site na ihe nchọgharị.
    Iji dozie ntọala ọ bụla na-adakọghị, jiri SK117237.
  7. Wee megharịa utility pre_upgrade_verifier iji hụ na ewepụla ihe niile na-akpata enweghị ndakọrịta.
  8. Na-esote, anyị na-anakọta ozi gbasara oghere netwọkụ, tebụl ntụgharị wee bulite nhazi GAIA:
    ip a > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    ip r > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    clish -c "gosi nhazi" > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
  9. Bulite faịlụ arụpụta site na SCP.
  10. Anyị na-ese foto n'ogo nke ọma.
  11. Anyị na-abawanye oge nkwụsị nke nnọkọ SSH ruo awa 8. Ọ dabere na chioma gị: dabere na oke nchekwa data mbupụ, ọ nwere ike ịdịru site na nkeji ole na ole ruo ọtụtụ awa. Maka nke a: 
    [Ọkachamara @ HostName]# clish -c "gosipụta oge-adịghị arụ ọrụ" leba anya n'ọkwa dị ugbu a,

    [Ọkachamara @ HostName] # clish -c "tọọ oge nkwụsị-adịghị arụ ọrụ 720" ezipụta oge ngwụcha ọhụrụ (na nkeji),

    [Ọkachamara @ HostName]# nkwughachi $TMOUT leba anya n'ụdị ndị ọkachamara n'oge oge ugbu a,

    [Ọkachamara @ HostAme]# mbupụ TMOUT=3600 ezipụta ọnọdụ ọkachamara nkwụsị oge ọhụrụ (na sekọnd), ọ bụrụ na ịtọọ uru na 0, mgbe ahụ, a ga-enwe nkwarụ.

  12. Anyị na-ebudata ma bulie onyonyo nwụnye SMS.iso na igwe mebere.

    Tupu nzọụkwụ ọzọ, jide n'aka na ị ga-elele ugboro abụọ na ị nwere ohere zuru oke na draịvụ ike gị (cheta na ị chọrọ 13 GB). 

  13. Tupu ịmalite mbupụ nhazi ahụ, gbanwee faịlụ ndekọ na iwu: fw logswitch

Mbupụ nhazi na ndekọ

  1. Gbaa ọrụ migrate_export ka ibudata nhazi ahụ. Iji mee nke a, gaa na folda emepụtara na mbụ: cd /var/log/UpgradeR77.30_R80.20/ wee jiri iwu a: ./migrate mbupụ -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

    ma ọ bụ

    gaa na folda: cd $FWDIR/bin/upgrade_tools/ и
    gbaa iwu site n'ebe ahụ: ./migrate mbupụ -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

  2. Anyị na-ewepụ checksum na ebe nchekwa: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz
  3. Chekwa uru arụpụta na mpempe akwụkwọ ndetu.
  4. Anyị na-ejikọ na SMS site na SCP wee bulite ebe nchekwa na nhazi ya na ebe a na-arụ ọrụ. Jide n'aka na iji mbufe faịlụ na ọnụọgụ abụọ.

Mbupụ nchekwa data SmartEvent

N'ebe a, anyị chọrọ ụdị SMS R80 arụnyere na mbụ. Nnwale ọ bụla ga-eme. 

  1. Site na SMS anyị chọrọ edemede dị ebe a:$RTDIR/bin/eva_db_backup.csh
  2. Bulite edemede ahụ site na SCP eva_db_backup.csh na folda: /var/log/UpgradeR77.30_R80.20/
  3. Jikọọ site na SSH na SMS. Detuo faịlụ na nchekwa: cp /var/log/UpgradeR77.30_R80.20/eva_db_backup.csh
    $RTDIR/bin/eva_db_backup.csh
  4. Ịgbanwe koodu: dos2unix $RTDIR/bin/eva_db_backup.csh
  5. Na-agbakwunye onye nwe ya: chown -v admin: mgbọrọgwụ $RTDIR/bin/eva_db_backup.csh
  6. Tinye ikike: chmod -v 0755 $RTDIR/bin/eva_db_backup.csh
  7. Ka anyị malite ibupu nchekwa data SmartEvent: $RTDIR/bin/eva_db_backup.csh
  8. Bulite faịlụ enwetara site na SCP: $RTDIR/bin/<ụbọchị>-db-backup.backup и $RTDIR/bin/eventiaUpgrade.tar gaa na ụlọ ọrụ.

Mmelite

  1. Gaa na WebUI GAIA SMS → CPUSE → Gosi ngwugwu niile.
  2. Ọ bụrụ na CPUSE na-enye njehie ijikọ na igwe ojii Check Point, lelee DGW, DNS na ntọala proxy.
  3. Ọ bụrụ na ihe niile ziri ezi, na njehie anaghị apụ apụ, mgbe ahụ ịkwesịrị iji aka melite CPUSE, na-eduzi sk92449.
  4. Budata onyonyo a wee gafee Nyochaa. Ọ bụrụ na ọ dị mkpa, anyị na-ewepụ ihe na-ekwekọghị ekwekọ.

    N'ihi ya, ị ga-ahụ ozi a:

    Na-emelite ebe nlele site na R77.30 ruo 80.20

  5. Họrọ R80.20 Wụnye na nkwalite ọhụrụ maka njikwa nchekwa.
  6. Mgbe ị na-etinye mmelite, họrọ Wụnye dị ọcha. Mgbe echichi, usoro ga-reboot.
  7. Anyị na-agafe Oge mbụ Ọkachamara.
  8. Mgbe ịnweta ohere, anyị na-elele akaụntụ.
  9. Anyị jikọọ na SMS site na SSH wee gbanwee shei onye ọrụ anyị ka ọ bụrụ /bin/bash/:

    tọọ onye ọrụ <aha njirimara> shei /bin/bash/

    chekwaa nhazi (ọ bụrụ na anyị chọrọ ịhapụ bin / bash / dị ka shei ndabere mgbe ịmalitegharịa).

  10. Ọzọ, anyị jikọọ na SMS site na SCP ma nyefee ebe nchekwa na nhazi na ọnọdụ ọnụọgụ abụọ SMS_w_logs_export_r77_r80.tgz na folda /var/log/UpgradeR77.30_R80.20/
  11. Anyị na-ewepụ checksum na ebe nchekwa: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz ma tụnyere uru gara aga. Checksum ga-adakọrịrị.
  12. Anyị na-abawanye oge nkwụsị nke nnọkọ SSH ruo awa 8. Maka nke a:

    [Ọkachamara @ HostName]# clish -c "gosipụta oge-adịghị arụ ọrụ" leba anya n'ọkwa dị ugbu a,

    [Ọkachamara @ HostName] # clish -c "tọọ oge nkwụsị-adịghị arụ ọrụ 720" ezipụta oge ngwụcha ọhụrụ (na nkeji),

    [Ọkachamara @ HostName]# nkwughachi $TMOUT leba anya n'ụdị ndị ọkachamara n'oge oge ugbu a,

    [Ọkachamara @ HostAme]# mbupụ TMOUT=3600 ezipụta ọnọdụ ọkachamara nkwụsị oge ọhụrụ (na sekọnd). Ọ bụrụ na ịtọọ uru ahụ na 0, a ga-enwe nkwarụ oge nkwụsị.

  13. Iji bubata ntọala, mee ngwa mbubata mbubata. Iji mee nke a, gaa na folda: cd $FWDIR/bin/upgrade_tools/ma mee ihe mbubata: ./kwaga imp
    ort -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

Ka anyị kporie ndụ maka awa ole na ole sochirinụ. Akwụpụla oge SSH gị n'oge usoro a. Na njedebe, usoro ịkwaga ga-egosipụta ozi ịga nke ọma ma ọ bụ njehie. 

Ndepụta nlele mgbe emelitere

  1. Nnweta akụrụngwa.
  2. SIC nwere GW.
  3. Ikikere. Ọ bụrụ na egosiri akwụkwọ ikike ezighi ezi ma ọ bụ egosighi ya na SMS, mee iwu ahụ vsec_central_licence maka nkesa ikike.
  4. Ịtọ ntọala iwu. 

Na-ebubata nchekwa data SmartEvent

  1. Mee agụ SmartEvent rụọ ọrụ.
  2. Anyị na-ejikọta site na WinSCP na SMS ma nyefee faịlụ ebudatara na mbụ na ọnọdụ ọnụọgụ abụọ <ụbọchị> -db-backup.backup и eventiaUpgrade.tar na folda /var/log/UpgradeR77.30_R80.20/
  3. Anyị na-eji iwu a na-eme edemede ahụ: $RTDIR/bin/eventiaUpgrade.sh -upgrade /var/log/UpgradeR77.30_R80.20/eventiaUpgrade.tar
  4. Na-enyocha ọkwa: watch -n 10 eventiaUpgrade.sh
  5. Na-enyocha ndekọ na SmartEvent. Nrọ!

Na-emelite ụyọkọ Check Point GW (Na-arụ ọrụ/Ndabere)

Tupu ịmalite ọrụ

  1. Anyị na-echekwa nhazi GAIA site na ọnụ ụyọkọ ọ bụla gaa na faịlụ, iji mee nke a jiri iwu a: clish -c "gosi nhazi" > ./<Aha faịlụ> .txt
  2. Na-ebugote faịlụ site na iji WinSCP.
  3. Jikọọ na WebUI nke ọnụ abụọ wee gaa na taabụ CPUSE → Gosi ngwugwu niile.
  4. Ịchọta ngwungwu mmelite maka ụdị R80.20 Wụnye ọhụrụ, pịa Budata.
  5. Anyị na-enyocha na protocol CCP na-arụ ọrụ na ọnọdụ Mgbasa ozi, iji mee nke a, tinye iwu: cphaprob - ọ bụrụ
    Ọ bụrụ na ahọpụtara ọnọdụ ahụ Ọhụụ, jiri iwu dochie ya: cphaconf set_ccp mgbasa ozi (a na-eme iwu ahụ n'ọnụ ọnụ nke ọ bụla).
  6. Anyị na-etinye Downtime maka ọnụ ọnụ ndị metụtara na sistemụ nleba anya gị.
  7. Anyị na-elele na agbanyere paramita ahụ n'ogo nke ọma Mgbanwe adreesị MAC и Mbufe ekwekọrịtara maka netwọk mmekọrịta.

Mmelite

  1. Anyị na-ejikọta site na ssh na Node nọ n'ọrụ wee mee iwu ka nyochaa ọkwa nke ụyọkọ: watch -n 2 cphaprob stat
  2. Laghachi na WebUI Njikere nodes tab CPUSE na maka ngwugwu ahọpụtara R80.20 Wụnye ọhụrụ igba egbe Nyochaa.
  3. Ka anyị nyochaa akụkọ Verifier. Ọ bụrụ na anabatara nrụnye, gaa n'ihu.
  4. Họrọ ngwugwu R80.20 Wụnye ọhụrụ na igba egbe upgrade. N'oge usoro nkwalite, usoro ahụ ga-amaliteghachi. A na-echekwa ntọala GAIA. N'oge ịmalitegharị, anyị na-enyocha ọnọdụ nke ụyọkọ ahụ. Mgbe ebudatara, ọkwa nke ọnụ ọnụ emelitere kwesịrị ịgbanwe gaa na READY. N'ọtụtụ ọnọdụ, anyị zutere oge mgbe ọnụ nke na-emelitebeghị gbanwere gaa na ọkwa Ntị Active wee kwụsị igosipụta ọkwa nke ọnụ ọnụ emelitere. Atụla ụjọ - nhọrọ a dịkwa mma.
  5. Ozugbo emechara mmelite ahụ, mepee SmartDashboard.
  6. Mepee ụyọkọ ihe wee gbanwee ụdị ụyọkọ ahụ site na R77.30 gaa na R80.20. Pịa OK. Ọ bụrụ na mperi pụtara mgbe ị na-echekwa mgbanwe:
    Njehie dị n'ime emeela. (koodu: 0x8003001D, Enweghị ike ịnweta faịlụ maka ọrụ ide),
    soro SK119973. Mgbe nke ahụ gasịrị, chekwaa mgbanwe wee pịa Wụnye amụma.
  7. Na ntọala, wepụ akara nhọrọ Maka ụyọkọ ọnụ ụzọ, ọ bụrụ na ntinye na otu ụyọkọ dara ada, etinyela na ụyọkọ ahụ.
  8. Anyị na-edozi amụma ahụ. Sistemu ga-ewepụta mperi maka ọnụ na-arụ ọrụ nke emelitebeghị.
  9. Anyị na-ejikọta ọnụ ọnụ emelitere site na ssh wee mee iwu ka nyochaa ọnọdụ ụyọkọ ahụ: watch -n 2 cphaprob stat
  10. Jikọọ na ọnụ WebUI arụ ọrụ wee gaa na taabụ CPUSE → Gosi ngwugwu niile.Ịchọta ngwungwu mmelite maka ụdị R80.20 Wụnye ọhụrụ, pịa Budata.
  11. Anyị na-etinye Downtime maka ọnụ ọnụ ndị metụtara na sistemụ nleba anya gị.
  12. Laghachi na taabụ WebUI arụ ọrụ CPUSE na maka ngwugwu ahọpụtara R80.20 Wụnye ọhụrụ igba egbe Nyochaa.
  13. Ka anyị nyochaa akụkọ Verifier. Ọ bụrụ na anabatara nrụnye, gaa n'ihu.
  14. Họrọ ngwugwu R80.20 Wụnye ọhụrụ na igba egbe Nweta nkwalite. N'oge usoro nkwalite, usoro ahụ ga-amaliteghachi. A na-echekwa ntọala GAIA. N'oge ịmalitegharị, anyị na-enyocha ọnọdụ ụyọkọ ahụ na ọnụ ọnụ emelitere. Ka ịmalitegharịa, steeti ụyọkọ dị na ọnụ emelitere ga-agbanwe site na Njikere gaa rụọ ọrụ.
  15. Mgbe emechara usoro nkwalite ahụ, malite SmartDashboard wee tọọ amụma.

Ndepụta nlele mgbe emelitere

  • Ndekọ ihe omume na SmartLog, ọkwa nke ọwara VPN.
  • Ntọala GAIA.
  • Na-eweghachi ụyọkọ ka emechara ule dara.
  • Ikikere na nkwekọrịta. Ọ bụrụ na egosiri akwụkwọ ikike ezighi ezi ma ọ bụ egosighi ya na SMS, mee iwu ahụ. vsec_central_licence maka nkesa ikike.
  • CoreXL.
  • SecureXL.
  • Hotfix na CPinfo na ọnụ abụọ.

nkwubi

N'ozuzu, nke ahụ bụ ihe niile n'oge a - emelitere gị.

Maka anyị, usoro ahụ dum weere na nkezi site na 6 ruo 12 awa, dabere na nha nke ọdụ data mbupụ. A rụrụ ọrụ ahụ ihe karịrị abalị abụọ: otu maka imelite SMS, nke abụọ maka ụyọkọ.

Enweghị oge nkwụsị okporo ụzọ, n'agbanyeghị eziokwu ahụ bụ na anyị nyochara njehie niile a kpọtụrụ aha n'onwe anyị.

N'ezie, mgbe ụfọdụ ihe isi ike ọhụrụ nwere ike ibilite n'oge usoro mmelite, mana nke a bụ Check Point, yana dịka anyị niile maara, enwere hotfix mgbe niile!

Abalị ojii na pink ụtọ na mmelite!

isi: www.habr.com

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster