This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Don_Paterson
MVP Gold
MVP Gold
3 weeks ago

The Scalable Platform Migration Tool - Refresh question

I don't see anything in sk183894 about hardware refresh (swapping platforms).

https://support.checkpoint.com/results/sk/sk183894

 

At this point in time would it be better to carry out the hardware refresh before the migration tool is used, or is there another recommended method?

 

R82 Jumbo Hotfix Accumulator take #103 brings the Scalable Platform Migration Tool

https://community.checkpoint.com/t5/Product-Announcements/R82-Jumbo-Hotfix-Accumulator-take-103-has-... 

"Overview
The Scalable Platform Migration Tool is a specialized utility that converts legacy setups to next-generation architectures:

From ClusterXL to ElasticXL that provides an enhanced clustering technology.

From the Traditional VSX mode to the VSNext mode that provides an advanced Virtual Gateway platform (still under development).

This Migration Tool enables organizations to upgrade their Check Point security infrastructure for improved performance, scalability, and management capabilities while maintaining security policies and operational continuity.

This Migration Tool is the interactive command "sp_migration" (in the Expert mode) on the Security Management Server / Multi-Domain Security Management Server. See the section "Working with the Scalable Platform Migration Tool"."

0 Kudos
4 Replies
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
3 weeks ago

If I were doing a hardware refresh I wouldn't use the conversion tool, I'd just build it clean. For CXL > EXL it's not a huge job to clean build the new hardware directly into an EXL cluster and configure it up as necessary. For VSX > VSNext there are enough limitations there that a clean sheet build would likely be the smoother experience, and besides VSNext needs architecture tweaks and whatnot as well what with every VS requiring a network path back to the management server so doing it clean allows time and flexibility to do it properly from the outset. 

I would use the tool for CXL > EXL on the same hardware. For a VSX conversion I would recommend waiting until a hardware refresh opportunity comes around unless there was a driving need to use the new VSNext before then. It's a big change on the network and making that conversion without the flexibility of an easy rollback to the old kit is quite a risk. 

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
3 weeks ago
In response to emmap

The focus is on the policy more than gateways. 

The tool converts the gateways first and then the management side, where all the policy and objects are adjusted automatically. 

That could be where the tool is most valuable. 

Not focused on VSNext. That's something probably worth doing 'manually' unless the tool proves to do a good job of the conversion. 

 

0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago

I'm with @emmap on this one, I would be more inclined to go with a rebuild if a hardware replacement is involved.
This is more for in-place migrations. 

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
3 weeks ago
In response to PhoneBoy

I understand. 

The whole idea behind SP, from a management perspective, is to reduce management overhead drastically. 

Looks like its not possible to enjoy the simplified management from step 1, migration, and only possible after the manual refresh and then manual conversion or migration tool conversion.  

If the migration tool supported hardware refresh that would be a nice benefit for the customer who wants to refresh and convert in one project. 

 

https://community.checkpoint.com/t5/Firewall-and-Security-Management/Replacing-5800-HA-ClusterXL-wit...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events