We performed the upgrade from R55-HFA16 to NGX R60 HFA3 few weeks ago
and its doing fine. Our enforcements are still on R55-HFA16.
Ramki
CCNA, CCSE-NGAI
Brummer, Steven wrote:
Shiroma,
I just recently performed the same upgrade that you're speaking of with
no ill effects.
I upgraded my R55 HFA17 smartcenter server to NGX and was able to push
policy to the gateways and lost no VPN connections. I saw where many of
the connections dropped, but they reconnected with no issues.
I ran into some issues with my Nokia enforcement points however with
trying to perform the zero-downtime upgrade. It's been a little while
since I did the upgrade to remember the specifics, but the biggest thing
that I remember was that I lost the VRRP interfaces which basically gave
me two standalone gateways instead of a two-node clustered gateway. This
caused all the Internet traffic to stop.
I had to reconfigure everything, but I won't recommed to you that it was
a problem with the upgrade. It very well could have been an operator
problem since this was the first time I had performed a upgrade to a
Nokia platform on my own.
Hope this helps,
Steve
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Shiroma
Dassanayake
Sent: Wednesday, June 07, 2006 2:53 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] upgrading from R55 to NGX
Dear all
I currently have a distributed env. My smartcenter server is running
R55 HFA 14 and my gateway is running R55 HFA09.
I am going to upgrade to NGX R60.
However, this is what I got from the R61 release notes under
clarifications and limitations:
VPN
1. After upgrading a pre-NGX SmartCenter Server to NGX, existing VPN
connections
will be dropped the first time policy is installed if the enforcement
modules are not
also upgraded to NGX. New connections will succeed as expected. For
connections
with static source-destination ports (for example, GRE connections),
reinitialize
them by running cpstop/cpstart on the module.
My upgrade path will be as follows:
Upgrade Smartcenter server first
Upgrade gateway/module
The timeframe between the smartcenter upgrade and the gateway upgrade
could be anywhere from between a week to a month. In this scenario: does
this mean that once the smartcenter server has been upgraded to NGX and
the gateway is still at R55, my existing VPN client connections and
site-site VPNs will cease to function?
Has anyone encountered such a problem during an R55 to NGX upgrade?
Any ideas would be greatly appreciated.
Thanks and regards
Shiroma
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
