Solved: Migrating R81.10 management server to AWS.

nzmatto1 · ‎2023-06-29

I'm needing to move the management of our firewalls from an on premise server to AWS. I thought the easiest way to do this would be to build a new manager in AWS and join that as a Management HA node, however the AWS version of the manager (from the marketplace) is a differing version so I cannot create the HA. We have R81.10 take 335 on prem and the new AWS one is R81-392.1335. I can't seem to find a way to deploy R81.10 take 335 in AWS.

Is it possible to use the AWS Application Migration tool on the manager to replicate it up to AWS, but then not do a 'cutover' thus effectively duplicating the server, reset it's SIC, then join it in to the existing on premise management?
Is there some other, better way to achieve this? The ultimate goal is to move the management to AWS and use that to manage our on prem devices, preferably without doing a migrate_export to the new server and then moving the firewalls across to the new manager one at the time.

thanks Matt

Shay_Levin · ‎2023-07-04

On the cloud formation template , you will see the option to select the version

View solution in original post

PhoneBoy · ‎2023-06-29

The AWS Application Migration tool likely won't work here.
Further, it should not be necessary as we do have R81.10 in AWS.
You can deploy the correct version from one of our CloudFormation templates: https://support.checkpoint.com/results/sk/sk111013

Not sure why our marketplace listings are offering R81 when R81.10 is the widely recommended release.
Will see if we can get this updated.

PhoneBoy · ‎2023-06-29

I was able to find the AWS Marketplace listing for R81.10: https://aws.amazon.com/marketplace/pp/prodview-tbnvixwqlxajs

nzmatto1 · ‎2023-07-02

That page shows Version R81.20-631.1335 beneath there is a hover-link "show other versions" This brings up a list of other version names, but no links to any AMI. I have searched through AWS again, and through the recommended SK111013 however nothing. The SK lists the 3 version numbers but only offers a link to the latest one. It's like the old versions are either removed, or somehow unpublished / unsearchable anymore.
I also have a TAC case open for this (SR #6-0003658294).
I'm feeling like it's either not there, or I'm missing some really obvious button which says 'choose other version here' or something.
Thanks Matt

PhoneBoy · ‎2023-07-03

Why not deploy directly from a CloudFormation template?
We have them here: https://support.checkpoint.com/results/sk/sk111013

nzmatto1 · ‎2023-07-03

Yup, that is exactly what I am wanting to do, however despite the page suggesting there are 4 options for versions (R81.20, R81.10, R81, R80.40), unless I am missing something really obvious there is only one link, and that link leads to only R81.20. That is essentially my entire issue. I cannot find any way to actually install R81.10 at the moment.

Thanks Matt

_Val_ · ‎2023-07-04

@Shay_Levin Hey, could you please advise?

Shay_Levin · ‎2023-07-04

On the cloud formation template , you will see the option to select the version

nzmatto1 · ‎2023-07-04

Far out!!!! I never looked far enough down that page. I was trying to install it primarily via the AMI page on the AWS site. Now that I see it in the cloud formation template I feel just a tad silly!
Thanks heaps for the help, I'm certain I've got it from here! Yay

nzmatto1 · ‎2023-07-04

Just following up in case someone else finds this. If you try to use the AWS AMI pages to build a Checkpoint manager you'll only find the latest version as an image. To build a manager using an earlier version you need to use the the cloud formation template linked to above. Big ups to Shay for pointing me in the right direction. I have successfully built my R81.10 manager in AWS and even have it mostly working.

Are you a member of CheckMates?

Migrating R81.10 management server to AWS.