cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Highlighted
Ivo_Marques
Nickel

Howto migrate export - R80.10

Hi guys,

 

We recently migrate to R80.10 and now we need to export the policy. I read somewhere in the forum that you could do that with the RestAPI, I think something using "show access rulebase" (I will find it later).

 

So, my question is it's a full export like "./migrate export"? This method also export the IP SEC Communities whit the pre-shared secret? I'm able to import the file to create a similar environment?

 

Can I see this method like a backup of my SMS?

Thanks in advanced,

Ivo

5 Replies
Employee+
Employee+

Re: Howto migrate export - R80.10

You can export a policy and the majority of it's objects. I wouldn't think of it as a replacement to existing procedures as there are still limitations on some objects the API cannot handle.

0 Kudos
Admin
Admin

Re: Howto migrate export - R80.10

0 Kudos

Re: Howto migrate export - R80.10

A little time ago I did that operation, I used migration tool to transfer secury policy.
Migration tool can not export (and certainly import) logging settings, nat settings and rules, logs.
Also might be a problem with internal certificates, when you will import a policy.

But migration tool will import all objects, security policy and rules, blade settings and global properties.

There are a lot of obstacles, because the Check Point hasn't such operation as I've understood.

0 Kudos

Re: Howto migrate export - R80.10

I am not sure I fully understand what you are trying to say. However, if you are saying that migrate tool cannot be used to export a single policy package, that is true. It is designed and advised to be used for migrating to a different HW, IP address, etc, for the whole SMS or a Security Domain. 

As Dameon mentioned above, there is a script for policy migration that you could use.

Re: Howto migrate export - R80.10

>>Can I see this method like a backup of my SMS?

Yes, migrate export is actually one of the recommended ways to backup your management. If you need to export not jsut the DB and ICA, but the logs, there is a flag to do so.

0 Kudos