This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vishnu_Kumar
Contributor
‎2019-06-16 11:36 PM

Database Migration in VSX environment

Hi All,

 

We have following two checkpoint servers

  1. MGMT-SERVER-1:
  • OS: Gaia R80.20
  • VSX Environment (On 2 HA appliances)
  • Managing 6 Virtual Systems.
  • Each VS-Gateway policy package having around 200 policies.
  1. MGMT-SERVER-2:
  • OS: Gaia R80.10
  • Only two firewall in HA Mode.
  • 2000 + Polices into single Policy package.

 

Now we are planning to merge the database of both these management servers using Python toll

Python tool for exporting/importing a policy package or parts of it “

 

 

I need your help for following queries:

  • Can we run this python tool into VSX environment?
  • As OS version are different (R80.10 and R80.20). So is possible to export policy package from R80.10 management server and then import it directly to R80.20 OS
  • As we need to merge the policy package which having 2000+ policies, so is there any limitation on the basis of policy package size or number of policies.

 

 

 

0 Kudos
1 Reply
Maik
Advisor
‎2019-06-16 11:58 PM

Hello Vishnu,

 

Can we run this python tool into VSX environment?

This script (as well as the management API in general) performs operations on the management site. This means it does not matter if the gateway which is related to a given policy is based on VSX or not.

 

As OS version are different (R80.10 and R80.20). So is possible to export policy package from R80.10 management server and then import it directly to R80.20 OS

This script works on R80.10 and R80.20 - the export from R80.10 and import to R80.20 should work. I have not tested this so far, but as the API calls did not change between these versions I do not see any problem with that.

 

As we need to merge the policy package which having 2000+ policies, so is there any limitation on the basis of policy package size or number of policies.

There is no specific limit, but you could run into a timeout while exporting that amount of rules (if you mean rules by mentioning policies in this case). The script will tell you once a timeout is reached as it does not finish the rocess correctly. This can be circumvented by adjusting the timeout itself. In the first place I would try to run it without changing something; if it does not work you can manually adjust the timeout.

 

Regards,

Maik

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events