cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Migrating Checkpoint management station

Hi,

I have a project to migrate our current checkpoint from our service provider to in house. Our service provide has 77.10 running on the Gateway and 77.20 running on the manager.

Important info:

- our service provider has multiple client managed by one manager

How would we get the policies and object from the service provider and import it into our new management station which is running 77.20 as well.

0 Kudos
2 Replies
Danny
Pearl

Re: Migrating Checkpoint management station

Your service provider is probably using Check Point Multi Domain Security Management (MDSM) R77.20 (previously known as Provider-1).

Please request them to send you a ./migrate export of your management configuration. The migrate tool can be found in this directory of your service provider's MDSM:

/opt/CPmds-R77/customers/NAME_OF_CUSTOMER_DMS/CPsuite-R77/fw1/bin/upgrade_tools/

Also request a WebVis output of all your policies and objects including any global rules.

Import the provided export via $FWDIR/bin/upgrade_tools/migrate import on your local management station, adjust the GUI clients and management admin account via the GAiA WebUI, IP address, licenses and everything to be able to finally log in into your own local management stations.

Finally compare the configuration in your management station with the provided WebVis configuration, configure your own firewall gateway and adjust policy installation target, NAT rules etc. and install the security policy for testing your configuration.

0 Kudos
Admin
Admin

Re: Migrating Checkpoint management station

R77.20 and earlier releases are End of Support and should not be used for new deployments.

You should strongly consider using R80.10 for your on-premise management, or at the very least R77.30 (which is still supported).

If your provider has your gateways managed in a separate domain from other customers, they should be able to provide you output from a migrate export using the tool for the target version.

If your partner is using the same management domain for multiple customers (which is not best practice), then it becomes a lot more complicated to get only your data for your gateway.

0 Kudos