Upgrading Check Point from R77.30 to R80.20

At the end of 2019, Check Point ended support for the R77.XX versions, and it was time to upgrade. Much has already been said about the differences between versions and the pros and cons of moving to R80. Let's talk instead about how to actually upgrade Check Point virtual appliances (CloudGuard for VMware ESXi, Hyper-V, KVM Gateway NGTP) and what can go wrong.

So, we had 2 CCSE engineers, more than a dozen Check Point R77.30 clusters, several clouds, a few hotfixes and a whole sea of assorted bugs, glitches and all that, of every kind and size, and also a very long stretch of time. Let's go!

Contents:

Preparation
Upgrading the management server
Upgrading the cluster

[Figure: what a typical customer deployment with Check Point looks like]

Preparation

The first step is to check whether there are enough resources for the upgrade. The minimum recommended requirements for R80.20 currently look like this:

    Device             CPU       RAM    HDD
    Security Gateway   2 cores   4 GB   From 15 GB
    SMS                2 cores   6 GB   -

The recommendations are described in the document CP_R80.20_GA_Release_Notes.

But let's be realistic. That is enough for the most minimal installation, but as practice shows, we usually have https inspection enabled, SmartEvent running on the SMS, and so on, which of course requires quite different capacity. On the whole, though, no more than R77.30 needs.

But there are nuances. They concern, first of all, the size of physical memory. Many operations during the upgrade itself will require disk space.

For the management server, the amount of free disk space needed depends heavily on the volume of current logs (if we want to keep them) and on the number of saved Database Revisions, although we will no longer need those much. For cluster nodes (unless you also store logs locally) none of this matters. Here is how to check whether you have the space you need:

  1. Connect to the Smart Management Server via ssh, switch to expert mode and enter the command:

    [Expert@cp-sms:0]# df -h

  2. The output will look something like this:

    Filesystem                       Size  Used  Avail  Use%  Mounted on
    /dev/mapper/vg_splat-lv_current   30G  7.4G    21G   27%  /
    /dev/sda1                        289M   24M   251M    9%  /boot
    tmpfs                            2.0G     0   2.0G    0%  /dev/shm
    /dev/mapper/vg_splat-lv_log      243G  177G    53G   78%  /var/log

  3. We are interested in the /var/log partition.

Please note that, depending on the policy for storing and deleting old log files and on the size of the exported database, more space may be required. If, while the archive is being created, there is less free space than the log retention policy specifies, the system will start deleting old logs and will NOT include them in the archive.

In addition, the upgrade itself needs at least 13 GB of unallocated hard disk space. You can check whether it is available with the command:

    [Expert@cp-sms:0]# pvs

We will see something like this:

    PV         VG        Fmt   Attr  PSize    PFree
    /dev/sda3  vg_splat  lvm2  a-    141.69G  43.69G

In this case we have 43 GB. That is enough. You can start the upgrade.
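A scripted version of the unallocated-space check described above, as an added example that is not part of the original article: it sums the PFree column of default pvs output for one volume group and compares it with the 13 GB the upgrade needs. The function names are hypothetical, and the sample input is the pvs output shown above.

```bash
#!/bin/sh
# Added example: function names are hypothetical, not Check Point tooling.

# Print the total PFree (in GB) of all physical volumes in volume group $1.
# Reads default `pvs` output on stdin.
vg_free_gb() {
    awk -v vg="$1" '
        $2 == vg {
            v = $NF
            sub(/^</, "", v)               # newer LVM prints "<43.69g"
            unit = toupper(substr(v, length(v)))
            n = v + 0                      # numeric prefix: 43.69 from "43.69G"
            if (unit == "M") n /= 1024
            else if (unit == "T") n *= 1024
            total += n
        }
        END { printf "%.2f\n", total }'
}

# Succeed only if volume group $1 has at least $2 GB unallocated.
has_upgrade_space() {
    free_gb=$(vg_free_gb "$1")
    awk -v f="$free_gb" -v n="$2" 'BEGIN { exit !(f >= n) }'
}

# Constructed sample: the pvs output shown above.
SAMPLE_PVS='PV VG Fmt Attr PSize PFree
/dev/sda3 vg_splat lvm2 a- 141.69G 43.69G'

if printf '%s\n' "$SAMPLE_PVS" | has_upgrade_space vg_splat 13; then
    echo "vg_splat: enough unallocated space for the R80.20 upgrade"
else
    echo "vg_splat: less than 13 GB unallocated, do not start the upgrade"
fi
```

On the server itself, feed it live data instead of the sample: pvs | has_upgrade_space vg_splat 13.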

Upgrading the Check Point SMS management server

Before starting work, do the following:

  1. Install the Migration Tools package on the management server. To do this, download the image from the Check Point portal.
  2. Upload the archive to the management server via WinSCP into the folder /var/log/UpgradeR77.30_R80.20 (create the folder first if necessary).
  3. Connect to the management server via SSH and go to the folder containing the archive: cd /var/log/UpgradeR77.30_R80.20/
  4. Unpack the file: tar -zxvf ./<file name>.tgz
  5. Run the pre_upgrade_verifier utility with the command: ./pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
  6. When the command finishes, a report of incompatible settings is generated. It is available at: /opt/CPsuite-R77/fw1/log/pre_upgrade_verification_report.(xls, html, txt). It is convenient to download it via SCP and view it in a browser.
    To resolve any incompatible settings, use SK117237.
  7. Then run pre_upgrade_verifier again to make sure that all causes of incompatibility have been removed.
  8. Next, collect information about the network interfaces and the routing table, and export the GAIA configuration:
    ip a > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    ip r >> /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    clish -c "show configuration" >> /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
  9. Download the file via SCP.
  10. Take a snapshot at the virtualization level.
  11. Increase the SSH session timeout to 8 hours. How long you need depends on your luck: depending on the size of the exported database, the export can take anywhere from a few minutes to several hours. To do this:
    [Expert@HostName]# clish -c "show inactivity-timeout"      # check the current timeout

    [Expert@HostName]# clish -c "set inactivity-timeout 720"   # set the new timeout (in minutes)

    [Expert@HostName]# echo $TMOUT                             # check the current expert-mode timeout

    [Expert@HostName]# export TMOUT=3600                       # set the new expert-mode timeout (in seconds); a value of 0 disables the timeout

  12. Download the SMS.iso installation image and mount it on the virtual machine.

    Before starting the next step, MAKE SURE that you have enough unallocated space on the hard drive (remember, you need 13 GB).

  13. Before exporting the configuration, switch the log file with the command: fw logswitch

Exporting the configuration and logs

  1. Run the migrate export utility to export the configuration. To do this, go to the folder created earlier: cd /var/log/UpgradeR77.30_R80.20/ and use the command: ./migrate export -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

    or

    go to the directory: cd $FWDIR/bin/upgrade_tools/ and
    run the command from there: ./migrate export -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

  2. Compute the checksum of the archive: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz
  3. Save the resulting value in a notepad.
  4. Connect to the SMS via SCP and download the archive with the configuration to the workstation. Make sure the file transfer uses Binary mode.

Exporting the SmartEvent database

Here we need an already installed SMS running R80. Any test one will do.

  1. From that SMS we need the script located here: $RTDIR/bin/eva_db_backup.csh
  2. Upload the eva_db_backup.csh script via SCP to the folder: /var/log/UpgradeR77.30_R80.20/
  3. Connect to the SMS via SSH. Copy the file into place: cp /var/log/UpgradeR77.30_R80.20/eva_db_backup.csh $RTDIR/bin/eva_db_backup.csh
  4. Convert the encoding: dos2unix $RTDIR/bin/eva_db_backup.csh
  5. Set the owner: chown -v admin:root $RTDIR/bin/eva_db_backup.csh
  6. Set the permissions: chmod -v 0755 $RTDIR/bin/eva_db_backup.csh
  7. Start the export of the SmartEvent database: $RTDIR/bin/eva_db_backup.csh
  8. Download the resulting files via SCP: $RTDIR/bin/<date>-db-backup.backup and $RTDIR/bin/eventiaUpgrade.tar to the workstation.

Upgrade

  1. Go to the GAIA WebUI of the SMS → CPUSE → Show all packages.
  2. If CPUSE reports an error connecting to the Check Point cloud, check the DGW, DNS and Proxy settings.
  3. If everything is correct and the error does not go away, update CPUSE manually, following sk92449.
  4. Download the image and run the Verifier. If necessary, remove the incompatibilities.

    As a result, you should see this message:

    [Screenshot of the Verifier message]

  5. Select R80.20 Fresh Install and Upgrade for Security Management.
  6. When installing the update, select Clean Install. After installation, the system will reboot.
  7. Go through the First Time Wizard.
  8. Once we have access, check the accounts.
  9. Connect to the SMS via SSH and change the user's shell to /bin/bash:

    set user <username> shell /bin/bash

    save config (if we want to keep /bin/bash as the default shell after a reboot).

  10. Next, connect to the SMS via SCP and, in Binary mode, transfer the archive with the configuration, SMS_w_logs_export_r77_r80.tgz, to the folder /var/log/UpgradeR77.30_R80.20/
  11. Compute the checksum of the archive: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz and compare it with the earlier value. The checksums must match.
  12. Increase the SSH session timeout to 8 hours. To do this:

    [Expert@HostName]# clish -c "show inactivity-timeout"      # check the current timeout

    [Expert@HostName]# clish -c "set inactivity-timeout 720"   # set the new timeout (in minutes)

    [Expert@HostName]# echo $TMOUT                             # check the current expert-mode timeout

    [Expert@HostName]# export TMOUT=3600                       # set the new expert-mode timeout (in seconds); a value of 0 disables the timeout

  13. To import the settings, run the migrate import utility. To do this, go to the directory: cd $FWDIR/bin/upgrade_tools/ and run the import: ./migrate import -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

Let's enjoy life for the next few hours. DO NOT INTERRUPT YOUR SSH SESSION during the process. When it finishes, the migration procedure will display a success message or an error.
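The manual checksum comparison from the export and import steps can be turned into a gate that the import cannot skip. This is an added example, not part of the original article; the function names and the .md5 sidecar file are assumptions.

```bash
#!/bin/sh
# Added example: helper names and the ".md5" sidecar file are hypothetical.
# MD5 is used because the procedure above uses md5sum; it detects transfer
# corruption (for example an ASCII-mode copy), not deliberate tampering.

archive_md5() {
    md5sum "$1" | awk '{ print $1 }'
}

# Run on the R77.30 server right after the export.
record_checksum() {
    archive_md5 "$1" > "$1.md5"
}

# Run on the R80.20 server before the import.
# Returns 0 = safe to import, 1 = checksum mismatch,
#         2 = archive or recorded checksum missing, 3 = archive unreadable.
verify_before_import() {
    archive=$1
    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 2; }
    [ -s "$archive.md5" ] || { echo "no recorded checksum for $archive" >&2; return 2; }
    expected=$(cat "$archive.md5")
    actual=$(archive_md5 "$archive")
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch: expected $expected, got $actual" >&2
        return 1
    fi
    # A matching hash only proves the copy equals what was hashed;
    # also confirm that the .tgz can be listed end to end.
    tar -tzf "$archive" > /dev/null 2>&1 || { echo "archive unreadable" >&2; return 3; }
    return 0
}
```

Copy the .md5 file together with the archive and chain the import to the check, for example: verify_before_import <archive> && ./migrate import -l <archive>.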

Post-upgrade checklist

  1. Availability of resources.
  2. SIC with the GW.
  3. Licenses. If licenses are displayed incorrectly or not displayed at all on the SMS, run the vsec_central_licence command to distribute the licenses.
  4. Policy installation.

Importing the SmartEvent database

  1. Enable the SmartEvent blade.
  2. Connect to the SMS via WinSCP and transfer the previously downloaded files <date>-db-backup.backup and eventiaUpgrade.tar to the folder /var/log/UpgradeR77.30_R80.20/
  3. Run the script with the command: $RTDIR/bin/eventiaUpgrade.sh -upgrade /var/log/UpgradeR77.30_R80.20/eventiaUpgrade.tar
  4. Check the status: watch -n 10 eventiaUpgrade.sh
  5. Check the logs in SmartEvent. A DREAM!

Upgrading the Check Point GW cluster (Active/Backup)

Before starting work

  1. Save the GAIA configuration of each cluster node to a file. To do this, use the command: clish -c "show configuration" > ./<file name>.txt
  2. Download the files using WinSCP.
  3. Connect to the WebUI of both nodes and go to the tab CPUSE → Show all packages.
  4. Find the update package R80.20 Fresh Install and click Download.
  5. Check that the CCP protocol is running in Broadcast mode. To do this, enter the command: cphaprob -a if
    If Multicast mode is set, change it with the command: cphaconf set_ccp broadcast (run the command on each node).
  6. Set Downtime for the affected nodes in your monitoring system.
  7. Check that the MAC Address Changes and Forged Transmits parameters are enabled at the virtualization level for the sync network.

Upgrade

  1. Connect via ssh to the Active node and run the command to monitor the cluster state: watch -n 2 cphaprob stat
  2. Return to the WebUI of the Standby node, CPUSE tab, and run the Verifier for the selected package R80.20 Fresh Install.
  3. Review the Verifier report. If installation is allowed, continue.
  4. Select the package R80.20 Fresh Install and start Upgrade. During the upgrade, the system will reboot. The GAIA settings are preserved. During the reboot, keep watching the cluster state. After boot, the state of the upgraded node should change to READY. Several times we ran into a situation where the node that had not yet been upgraded switched to Active Attention and stopped showing the state of the upgraded node. Don't worry, this is acceptable behavior.
  5. When the upgrade is finished, open SmartDashboard.
  6. Open the cluster object and change the cluster version from R77.30 to R80.20. Click OK. If an error appears when saving the changes:
    An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation),
    follow SK119973. After that, save the changes and click Install Policy.
  7. In the settings, clear the option "For gateway clusters, if installation on a cluster member fails, do not install on that cluster".
  8. Install the policy. The system will report an error for the Active node that has not been upgraded yet.
  9. Connect to the upgraded node via ssh and run the command to monitor the cluster state: watch -n 2 cphaprob stat
  10. Connect to the WebUI of the Active node and go to the tab CPUSE → Show all packages. Find the update package R80.20 Fresh Install and click Download.
  11. Set Downtime for the affected nodes in your monitoring system.
  12. Return to the WebUI of the Active node, CPUSE tab, and run the Verifier for the selected package R80.20 Fresh Install.
  13. Review the Verifier report. If installation is allowed, continue.
  14. Select the package R80.20 Fresh Install and start Upgrade. During the upgrade, the system will reboot. The GAIA settings are preserved. During the reboot, keep watching the cluster state on the node that has already been upgraded. After the reboot, the cluster state on the upgraded node changes from READY to ACTIVE.
  15. When the Upgrade is complete, launch SmartDashboard and install the policy.

Post-upgrade checklist

  • Event logs in SmartLog, state of the VPNs.
  • GAIA settings.
  • Cluster recovery after a Failover test.
  • Licenses and contracts. If licenses are displayed incorrectly or not displayed at all on the SMS, run the vsec_central_licence command to distribute the license.
  • CoreXL value.
  • SecureXL.
  • Hotfix and CPinfo on both nodes.

Conclusion

On the whole, that is all for now: you are upgraded.

In our case, the whole procedure took roughly 6 to 12 hours, depending on the size of the exported databases. The work was done over two nights: one for upgrading the SMS, the second for the cluster.

There was no traffic downtime, even though we ran into all the errors mentioned above.

Of course, new problems can sometimes come up during an upgrade, but this is Check Point, and as we all know, there is always a hotfix!

Good black-and-pink nights and upgrades to you!

Source: www.habr.com
