Bucktips34
Participant

New - need to migrate Management Server from datacenter to Azure cloud on same version R81.10

Hi Experts,

 

Need your guidance on documents and steps to migrate a Check Point management server from the datacenter to Azure cloud. We have almost 20 gateways managed by the existing single management server, and currently SIC is established via a global rule.
As per plan, we are using migrate export & import and changing only the IP address to the new management IP address. Will there be disruption while importing the database file? Kindly guide me on the steps for a smoother migration.

0 Kudos
6 Replies
Nir_Shamir
Employee

Hi,

Exporting the DB might take the services of the Management Server to a DOWN state, but this won't affect your GWs' traffic.

The import of course won't cause any disruptions.

After the DB migration, you just need to make sure the GWs can communicate with the new Management Server. SIC will not be affected between the GWs and the old and new Management Server (no need to reset SIC).

I don't know how the current Management Server is configured, but you will need to configure the GWs to work with a Management Server behind NAT. See these SKs for more information:

https://support.checkpoint.com/results/sk/sk66381

https://support.checkpoint.com/results/sk/sk100583

 

0 Kudos
Bucktips34
Participant

Thanks for your response.

Question: Will SIC be established before importing the database or after importing the database file on the new management server?

Currently, the existing management server object is using Hide NAT for all the gateways and SIC is established with the NATed IP. We have some remote VPN side with public IP; it is established with the public IP (not with the NATed IP) of the old Management Server. As per logs they are using implied rules.

On the new management server that we are planning to migrate to Azure, we would like to establish SIC with the private IP for the gateways and with the public IP for the remote VPN side (we can use Hide NAT to communicate). Your suggestion is much appreciated.

Note: we can't use static NAT as we have CP gateways in VMSS on Azure.

Thanks

0 Kudos
along5664
Participant

We did this a few years back and now are moving back to on-prem.

I am in the process of moving back from cloud to on-prem now for the SMS.

Here is how we do it.

We create a new SMS and make it HA with the existing one. Make sure the new one has access to all the gateways.

Once confirmed, you can promote the new HA to become the primary.

0 Kudos
Bucktips34
Participant

To create HA, both Management Servers should have a unique name and IP address (in the same subnet). We are using the same object name but different subnets/IP addresses.

 

 

0 Kudos
along5664
Participant

We have done this with HA and ours are not on the same subnet, but they do have different names.

I have gone from on-prem, say 172.27.144.x, to AWS 10.63.27.x without issues. We then moved from AWS to Azure and I went from 10.63.27.x to 10.250.27.x. Names changed, as did the IP, and it worked just fine.

0 Kudos
PhoneBoy
Admin

Management HA does not require nodes to be in the same subnet UNLESS it's a Full HA configuration (then the ClusterXL requirement for this applies).
See: https://support.checkpoint.com/results/sk/sk39345

0 Kudos
