ProHoster > Blog > Tsamaiso > Ho Nchafatsa Check Point ho tloha ho R77.30 ho isa ho 80.20

Ho Nchafatsa Check Point ho tloha ho R77.30 ho isa ho 80.20

Ho Nchafatsa Check Point ho tloha ho R77.30 ho isa ho 80.20

Hoetla ka 2019, Check Point e ile ea emisa ho tšehetsa liphetolelo tsa R77.XX, 'me ho ne ho hlokahala hore e ntlafatsoe. Ho se ho boletsoe ho hongata mabapi le phapang pakeng tsa liphetolelo, melemo le boiketlo ba ho fetohela ho R80. Ha re bueng hantle mabapi le mokhoa oa ho ntlafatsa lisebelisoa tsa sebele tsa Check Point (CloudGuard bakeng sa VMware ESXi, Hyper-V, KVM Gateway NGTP) le se ka senyehang.

Kahoo, re ne re e-na le lienjiniere tse 2 tsa CCSE, lihlopha tse fetang leshome le metso e 'meli tsa Check Point R77.30, maru a' maloa, li-hotfixes tse 'maloa le leoatle lohle la likokoana-hloko tse fapaneng, glitches le tsohle, tsa mebala eohle le boholo, le hape le linako tse thata haholo. Ha re ee!

Tse ka Hare:

Ho lokisetsa
E nchafatsa seva sa taolo
Ho nchafatsa sehlopha

Ho Nchafatsa Check Point ho tloha ho R77.30 ho isa ho 80.20

Sena ke seo setsi sa marang-rang sa leru se tloaelehileng se nang le Check Point se shebahalang se le joalo

Ho lokisetsa

Mohato oa pele ke ho hlahloba hore na ho na le lisebelisoa tse lekaneng bakeng sa ho ntlafatsa. Litlhoko tse tlase tse khothaletsoang tsa R80.20 hajoale li shebahala tjena:

Sesebelisoa

CPU

RAM

o hdd

Tsela ea Tšireletso

2 konokono

4 Gb

Ho tloha ho 15GB

SMS

2 konokono

6 Gb

-

Litlhahiso li hlalositsoe tokomaneng CP_R80.20_GA_Release_Notes.

Empa re tla talima lintho ka tsela ea sebele. Haeba sena se lekane ka tlhophiso e fokolang haholo, joale, joalo ka ha boikoetliso bo bontša, hangata re na le tlhahlobo ea https e nolofalitsoeng, SmartEvent e sebetsang ka SMS, joalo-joalo, eo, ehlile, e hlokang bokhoni bo fapaneng ka ho felletseng. Empa ka kakaretso, ha e fete R77.30.

Empa ho na le li-nuances. 'Me li amana, pele ho tsohle, le boholo ba mohopolo oa 'mele. Lits'ebetso tse ngata ka kotloloho nakong ea ts'ebetso ea ntlafatso li tla hloka sebaka sa hard disk.

Bakeng sa seva sa tsamaiso, boholo ba sebaka sa mahala sa disk se tla itšetleha haholo ka boholo ba li-logs tsa morao-rao (haeba re batla ho li boloka) le palo ea Liphetoho tsa Database tse bolokiloeng, le hoja re ke ke ra hlola re li hloka ka bongata. Ehlile, bakeng sa li-cluster node (ntle le haeba u boloka li-logs sebakeng sa heno) sena sohle ha se na taba. Mona ke mokhoa oa ho hlahloba hore na u na le sebaka seo u se hlokang:

  1. Re hokela ho Smart Management Server ka ssh, e-ea ho mokhoa oa setsebi ebe u kenya taelo:

    [Setsebi@cp-sms:0]# df -h

  2. Ka tlhahiso re tla bona ntho e kang ena:

    Filesystem Size Ssed Avail Use% E behiloe ho
    /dev/mapper/vg_splat-lv_current 30G 7.4G 21G 27% /
    /dev/sda1 289M 24M 251M 9% /boot
    tmpfs 2.0G 0 2.0G 0% /dev/shm
    /dev/mapper/vg_splat-lv_log 243G 177G 53G 78% /var/log

  3. Hajoale re thahasella karolo ena / var / log

Ka kopo hlokomela hore ho itšetlehile ka pholisi ea ho boloka le ho hlakola lifaele tsa khale tsa log, hammoho le boholo ba database e rometsoeng ka ntle, sebaka se eketsehileng se ka 'na sa hlokahala. Haeba, ha ho etsoa li-archive, ho na le sebaka se fokolang sa mahala ho feta se boletsoeng leanong la polokelo ea faele ea log, tsamaiso e tla qala ho hlakola li-logs tsa khale 'me e SE KE ea li kenyelletsa polokelong ea boitsebiso.

Hape, bakeng sa ts'ebetso ea ntlafatso ka boeona, sistimi e tla hloka bonyane 13 GB ea sebaka sa hard disk se sa abeloang. U ka hlahloba boteng ba eona ka taelo:

[Setsebi@cp-sms:0]# pvs

Re tla bona ntho e kang ena:

PV VG Fmt Attr PSize PFree
/dev/sda3 vg_splat lvm2 a- 141.69G 43.69G

Tabeng ena re na le 43 GB. Ho na le lisebelisoa tse lekaneng. U ka qala ho ntlafatsa.

Ho nchafatsa seva sa taolo ea Check Point SMS

Pele o qala mosebetsi o hloka ho etsa tse latelang:

  1. Kenya sephutheloana sa Migration Tools ho seva sa tsamaiso. Ho etsa sena, o hloka ho jarolla setšoantšo ho portal Check Point.
  2. Kenya li-archive ho seva sa tsamaiso ka WinSCP ho foldareng /var/log/UpgradeR77.30_R80.20 (haeba ho hlokahala, etsa foldara pele).
  3. Hokela ho seva sa taolo ka SSH 'me u ee foldareng e nang le polokelo:cd /var/log/UpgradeR77.30_R80.20/
  4. Unzip faele:tar -zxvf ./<lebitso la faele>.tgz
  5. Re qala ts'ebeliso ea pre_upgrade_verifier ka taelo: ./pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
  6. Ka mor'a ho phethahatsa taelo, tlaleho ea litlhophiso tse sa lumellaneng e tla hlahisoa. E fumaneha ho: /opt/CPsuite-R77/fw1/log/pre_upgrade_verification_report.(xls, html, txt). Ho bonolo haholoanyane ho e kenya ka SCP le ho e shebella ka sebatli.
    Ho rarolla litlhophiso life kapa life tse sa lumellaneng, sebelisa SK117237.
  7. Ebe u sebelisa sesebelisoa sa pre_upgrade_verifier ho etsa bonnete ba hore lisosa tsohle tsa ho se lumellane li felisitsoe.
  8. Ka mor'a moo, re bokella tlhahisoleseling mabapi le likhokahano tsa marang-rang, tafole ea ho tsamaisa le ho kenya tlhophiso ea GAIA:
    ip a > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    ip r > /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
    clip -c "show configuration"> /var/log/UpgradeR77.30_R80.20/cp-sms-config.txt
  9. Kenya faele e hlahisitsoeng ka SCP.
  10. Re nka snapshot boemong ba virtualization.
  11. Re eketsa nako ea nako ea kopano ea SSH ho lihora tse 8. E ipapisitse le lehlohonolo la hau: ho latela boholo ba database e romelloang kantle ho naha, e ka nka metsotso e mengata ho isa ho lihora tse 'maloa. Molemong oa sena: 
    [Expert@HostName]# cling -c "bontša ho se sebetse-timeout" sheba nako ea hona joale ea ho qetela,

    [Expert@HostName] # clish -c "set inactivity-timeout 720" hlalosa nako e ncha ea ho qeta nako (ka metsotso),

    [Setsebi@HostName]# echo $TMOUT sheba mokhoa oa hona joale oa setsebi sa nako,

    [Setsebi@HostName]# thomello kantle ho naha TMOUT=3600 Hlalosa mokhoa o mocha oa setsebi sa nako (ka metsotsoana), haeba u beha boleng ho 0, nako ea nako e tla tima.

  12. Re khoasolla le ho beha setšoantšo sa ho kenya SMS.iso mochining oa sebele.

    Pele ho mohato o latelang, E-BA SEBELISA hore u hlahlobe habeli hore na u na le sebaka se lekaneng se sa abuoang ho hard drive ea hau (hopola, u hloka 13 GB). 

  13. Pele o qala ho romella tlhophiso, fetola faele ea log ka taelo: fw logswitch

Export tlhophiso le logs

  1. Sebelisa sesebelisoa sa migrate_export ho jarolla tlhophiso. Ho etsa sena, e ea ho foldareng e entsoeng pele: cd /var/log/UpgradeR77.30_R80.20/ 'me u sebelise taelo: ./migrate export -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

    kapa

    e-ea ho sephutheli: cd $FWDIR/bin/upgrade_tools/ и
    tsamaisa taelo ho tloha moo: ./migrate export -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

  2. Re tlosa checksum polokelong ea litaba: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz
  3. Boloka boleng ba sephetho ho notepad.
  4. Re hokela ho SMS ka SCP mme re kenya polokelo ea litaba ka tlhophiso ea setsi sa mosebetsi. Etsa bonnete ba hore o sebelisa phetiso ea faele ka mokhoa oa Binary.

Romella SmartEvent database

Mona re hloka mofuta oa SMS o kentsoeng pele oa R80. Teko efe kapa efe e tla etsa. 

  1. Ho tsoa ho SMS re hloka script e fumanehang mona:$RTDIR/bin/eva_db_backup.csh
  2. Kenya mongolo ka SCP eva_db_backup.csh ho foldareng: /var/log/UpgradeR77.30_R80.20/
  3. Hokela ka SSH ho SMS. Kopitsa faele ho foldareng: cp /var/log/UpgradeR77.30_R80.20/eva_db_backup.csh
    $RTDIR/bin/eva_db_backup.csh
  4. Ho fetola encoding: dos2unix $RTDIR/bin/eva_db_backup.csh
  5. Ho eketsa mong'a: chown -v admin: motso $RTDIR/bin/eva_db_backup.csh
  6. Kenya litokelo: chmod -v 0755 $RTDIR/bin/eva_db_backup.csh
  7. Re qala ho romella database ea SmartEvent: $RTDIR/bin/eva_db_backup.csh
  8. Kenya lifaele tse amoheloang ka SCP: $RTDIR/bin/<date>-db-backup.backup и $RTDIR/bin/eventiaUpgrade.tar ho ea setsing sa mosebetsi.

Phetoho

  1. Eya ho WebUI GAIA SMS → CPUSE → Bontša liphutheloana tsohle.
  2. Haeba CPUSE e fana ka phoso ho hokahanya leru la Check Point, hlahloba DGW, DNS le litlhophiso tsa Proxy.
  3. Haeba ntho e 'ngoe le e' ngoe e nepahetse, 'me phoso e sa nyamele, joale u lokela ho ntlafatsa CPUSE ka letsoho, u tataisoa ke sk92449.
  4. Khoasolla setšoantšo 'me u tsamaee Netefatsa. Haeba ho hlokahala, re felisa ho se lumellane.

    Ka lebaka leo, o lokela ho bona molaetsa ona:

    Ho Nchafatsa Check Point ho tloha ho R77.30 ho isa ho 80.20

  5. Khetha R80.20 Instola e Ncha le Ntlafatso bakeng sa Tsamaiso ea Ts'ireletso.
  6. Ha o kenya apdeite, khetha Hloekisa Instasta. Kamora ho kenya, sistimi e tla qala hape.
  7. Re feta Lekhetlo la Pele Wizard.
  8. Kamora ho fumana phihlello, re hlahloba li-account.
  9. Re hokela ho SMS ka SSH mme re fetola khetla ea mosebelisi ho / bin/bash/:

    seta mosebelisi <lebitso la mosebelisi> khetla /bin/bash/

    boloka config (haeba re batla ho tloha bin/bash/ e le khetla ea kamehla kamora ho qala bocha).

  10. Ka mor'a moo, re hokela ho SMS ka SCP ebe re fetisetsa polokelo ka tlhophiso ka mokhoa oa Binary SMS_w_logs_export_r77_r80.tgz ho tsamaisetsa foldareng /var/log/UpgradeR77.30_R80.20/
  11. Re tlosa checksum polokelong ea litaba: md5sum /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz le ho bapisa le boleng ba pele. Checksum e tlameha ho tšoana.
  12. Re eketsa nako ea nako ea kopano ea SSH ho lihora tse 8. Molemong oa sena:

    [Expert@HostName]# cling -c "bontša ho se sebetse-timeout" sheba nako ea hona joale ea ho qetela,

    [Expert@HostName] # clish -c "set inactivity-timeout 720" hlalosa nako e ncha ea ho qeta nako (ka metsotso),

    [Setsebi@HostName]# echo $TMOUT sheba mokhoa oa hona joale oa setsebi sa nako,

    [Setsebi@HostName]# thomello kantle ho naha TMOUT=3600 hlalosa mokhoa o mocha oa ho qeta nako (ka metsotsoana). Haeba u beha boleng ho 0, nako ea nako e tla tima.

  13. Ho kenya litlhophiso, tsamaisa lisebelisoa tse tsoang ho falla. Ho etsa sena, e ea ho foldareng: cd $FWDIR/bin/upgrade_tools/ebe o tsamaisa thepa: ./migrate imp
    ort -l /var/log/UpgradeR77.30_R80.20/SMS_w_logs_export_r77_r80.tgz

Ha re natefeloe ke bophelo lihora tse 'maloa tse tlang. U SE KE UA KHAOLA SSH SESSION EA HAO nakong ea ts'ebetso. Qetellong, ts'ebetso ea ho falla e tla bonts'a molaetsa oa katleho kapa phoso. 

Lenane la tlhahlobo ka mor'a ho ntlafatsoa

  1. Ho fumaneha ha lisebelisoa.
  2. SIC e nang le GW.
  3. Lilaesense. Haeba lilaesense li hlahisoa ka phoso kapa li sa hlahisoa ho SMS, tsamaisa taelo vsec_central_licence bakeng sa kabo ea laesense.
  4. Ho beha leano. 

Ho kenya database tsa SmartEvent

  1. Kenya tšebetsong lehare la SmartEvent.
  2. Re hokela ka WinSCP ho SMS ebe re fetisetsa lifaele tse jarollotsoeng pele ka mokhoa oa binary <date> -db-backup.backup и EventiaUpgrade.tar ho tsamaisetsa foldareng /var/log/UpgradeR77.30_R80.20/
  3. Re tsamaisa script ka taelo: $RTDIR/bin/eventiaUpgrade.sh -upgrade /var/log/UpgradeR77.30_R80.20/eventiaUpgrade.tar
  4. Ho hlahloba boemo: watch -n 10 eventiaUpgrade.sh
  5. Ho hlahloba lintlha ho SmartEvent. TORO!

Ho nchafatsa sehlopha sa Check Point GW (Ea sebetsa/E boloka bekapo)

Pele o qala mosebetsi

  1. Re boloka tlhophiso ea GAIA ho tloha sebakeng se seng le se seng sa sehlopha ho ea faeleng, ho etsa sena sebelisa taelo: clish -c "show configuration"> ./<File name>.txt
  2. Ho kenya lifaele ka WinSCP.
  3. Hokela ho WebUI ea li-node ka bobeli 'me u ee ho tab CPUSE → Bontša liphutheloana tsohle.
  4. Ho fumana sephutheloana sa ntlafatso ea mofuta ona R80.20 Instola e Ncha, tobetsa Khoasolla.
  5. Re hlahloba hore na protocol ea CCP e sebetsa ka mokhoa ona Phatlalatso, ho etsa sena, kenya taelo: cphaprob -a haeba
    Haeba mokhoa o khethiloe E ngata, e nkele sebaka ka taelo: cphaconf set_ccp khaso (taelo e etsoa sebakeng se seng le se seng).
  6. Re kenya Downtime bakeng sa li-node tse amehang tsamaisong ea hau ea ho beha leihlo.
  7. Re hlahloba hore li-parameter li nolofalitsoe boemong ba virtualization Phetoho ea Aterese ea MAC и Phetisetso e entsoeng bakeng sa marang-rang a sync.

Phetoho

  1. Re hokela ka ssh ho node e sebetsang ebe re tsamaisa taelo ea ho lekola boemo ba sehlopha: shebella -n 2 cphaprob lipalo
  2. Khutlela ho WebUI Stanby nodes tab CPUSE le bakeng sa sephutheloana se khethiloeng R80.20 Instola e Ncha qala Netefatsa.
  3. Ha re hlahlobeng tlaleho ea Verifier. Haeba ho kenya ho dumelletswe, tswela pele.
  4. Khetha sephutheloana R80.20 Instola e Ncha le ho qala apkreite. Nakong ea ts'ebetso ea Ntlafatso, sistimi e tla qala hape. Litlhophiso tsa GAIA li bolokiloe. Nakong ea ho qala bocha, re beha leihlo boemo ba sehlopha. Kamora ho kenya, boemo ba node e ntlafalitsoeng e lokela ho fetoha ho READY. Maemong a 'maloa, re ile ra kopana le motsotso ha node e neng e e-s'o ntlafatsoe e fetohela ho boemo ba Tlhokomelo e Matla' me e emisa ho bontša boemo ba node e nchafalitsoeng. U se ke ua tšoha - khetho ena e boetse e amoheleha.
  5. Hang ha ntlafatso e felile, bula SmartDashboard.
  6. Bula ntho ea sehlopha 'me u fetole mofuta oa sehlopha ho tloha ho R77.30 ho ea ho R80.20. Tobetsa OK. Haeba phoso e hlaha ha o boloka liphetoho:
    Phoso ea ka hare e etsahetse. (Khoutu: 0x8003001D, Ha e khone ho fumana faele bakeng sa ts'ebetso ea ho ngola),
    latela SK119973. Ka mor'a moo, boloka liphetoho ebe o tobetsa Kenya Leano.
  7. Ho li-setting, hlakola khetho Bakeng sa lihlopha tsa liheke, haeba ho kenya setho sa cluster ho hlōleha, u se ke ua kenya sehlopheng seo.
  8. Re beha leano. Sistimi e tla hlahisa phoso bakeng sa node e sebetsang e so ka e ntlafatsoa.
  9. Re hokela node e ntlafalitsoeng ka ssh ebe re tsamaisa taelo ea ho beha leihlo boemo ba sehlopha: shebella -n 2 cphaprob lipalo
  10. Hokela ho WebUI Active node 'me u ee ho tab CPUSE → Bontša liphutheloana tsohle.Ho fumana sephutheloana sa ntlafatso ea mofuta ona R80.20 Instola e Ncha, tobetsa Khoasolla.
  11. Re kenya Downtime bakeng sa li-node tse amehang tsamaisong ea hau ea ho beha leihlo.
  12. Khutlela tabeng ea WebUI Active nodes CPUSE le bakeng sa sephutheloana se khethiloeng R80.20 Instola e Ncha qala Netefatsa.
  13. Ha re hlahlobeng tlaleho ea Verifier. Haeba ho kenya ho dumelletswe, tswela pele.
  14. Khetha sephutheloana R80.20 Instola e Ncha le ho qala Ntlafatsa. Nakong ea ts'ebetso ea Ntlafatso, sistimi e tla qala hape. Litlhophiso tsa GAIA li bolokiloe. Nakong ea ho qala bocha, re beha leihlo boemo ba sehlopha ho node e seng e ntlafalitsoe. Kamora ho qala bocha, boemo ba sehlopha sebakeng se ntlafalitsoeng se tla fetoha ho tloha READY ho ea ACTIVE.
  15. Ha ts'ebetso ea Ntlafatso e phethiloe, qala SmartDashboard 'me u kenye leano.

Lenane la tlhahlobo ka mor'a ho ntlafatsoa

  • Ho ngolla ketsahalo ho SmartLog, boemo ba lithanele tsa VPN.
  • Litlhophiso tsa GAIA.
  • Ho tsosolosa sehlopha ka mor'a teko ea Failover.
  • Lilaesense le likonteraka. Haeba lilaesense li hlahisoa ka phoso kapa li sa hlahisoa ho SMS, tsamaisa taelo. vsec_central_licence bakeng sa kabo ea laesense.
  • CoreXL.
  • SecureXL.
  • Hotfix le CPinfo ka li-node tse peli.

fihlela qeto e

Ka kakaretso, ke eona feela ntlheng ena - o ntlafalitsoe.

Ho rona, ts'ebetso eohle e ile ea nka ka karolelano ho tloha ho lihora tse 6 ho isa ho tse 12, ho latela boholo ba li-database tse romelloang kantle ho naha. Mosebetsi o ile oa etsoa ka masiu a mabeli: e 'ngoe bakeng sa ho ntlafatsa SMS, ea bobeli bakeng sa sehlopha.

Ho ne ho se na nako ea sephethephethe, ho sa tsotellehe taba ea hore re ile ra hlahloba liphoso tsohle tse boletsoeng ka holimo ho rona.

Ehlile, ka linako tse ling mathata a macha ka ho felletseng a ka hlaha nakong ea ts'ebetso ea ntlafatso, empa ena ke Check Point, mme joalo ka ha bohle re tseba, ho na le hotfix kamehla!

Thabela masiu a matsho le a pinki le ditsebiso!

Source: www.habr.com

Eketsa ka tlhaloso