cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Is there a way to migrate object and polocy database from r77.20 to r80.10

Hi all,

relatively new to this, so in short, is there a way to export object database and firewall policy database form r77.20 to r80.10. We are replacing old FWs to new ones and we want to keep the same setup. We have new gateways and new management server. 

thanks in advance. 

10 Replies

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

This is covered in the CP R80.10 Release Notes - Clean install with Advanced Database Migration for the SMS, the GW upgrade method depends on complexity of OS config (if simple, fresh install and config is preferred).

0 Kudos
Employee+
Employee+

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

1. Download the management Server Migration Tool (R77.x to R80.10) from the below SK:

Check Point R80.10 

2. Untar the tgz to a temp directory on your management server

3. Go to your temp directory and run:
./migrate export [name_of_the_export]

4. copy the [name_of_the_export].tgz to a newly installed R80.10 SMS (first time wizard must be run)

5. Run ./migrate import [name_of_the_export].tgz

Done!

Migration will take some time depending on the size of the database.

Once the migration is done it still takes some more time before all processes are up. You can monitor them with the following script:

$CPMDIR/scripts/check_cpm_status.sh

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

When I try to do ./migrate export I get 

bash: ./migrate: Permission denied

I am using an admin account and am In expert mode.

0 Kudos

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

Ok, I finally managed to run the ./migrate export comand but I get no file only a error log, in which it staits that there are some rules that need to be changed, to be working on r80, but I never get a file.

thanks again

0 Kudos
Employee+
Employee+

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

Right. We have changed the underlying architecture in R80.x compared to the older versions. That's why you might need to make some changes to configuration before upgrade is allowed.

The same tgz-packet with the migrate-script contains another script called pre_upgrade_verifier. Run that script to get a report of possible problems and how to change them. Syntax is something like ./pre_upgrade_verifier -c R77 -t R80

There are three categories of messages in the PUV-report:
ERROR: Must be fixed before the upgrade can take place

WARNING: Recommended to be fixed before or after the upgrade

INFORMATION: No need for action. Just good to know info.

After fixing the issues, run migrate export again.

Also please review Release Notes and Installation and Upgrade Guide for the relevant version.

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

Do I need to use cpstop to do the ./migrate export command ? 

The current management server is on the one of the gateways and they are still in prodcution.

Thanks again!

0 Kudos
Admin
Admin

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

Yes it requires a cpstop.

0 Kudos

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

If you need to go from StandAlone Deployment (GW and SMS in one unit) to distributed deployment, i would suggest two steps:

First change the R77.20 to a distributed deployment (see sk61681: How to migrate from Standalone configuration to Distributed or sk44201: How to migrate Full HA environment to Distributed environment). Migration of Full HA environment to Distributed environment is not supported in R80.x

Then use the procedures above to migrate to R80.x0

0 Kudos
Employee+
Employee+

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

cpstop is recommended, but you can do it without if you just make sure that no SmartConsole clients are connected to the management server when you are running the export.

0 Kudos
Danny
Jade

Re: Is there a way to migrate object and polocy database from r77.20 to r80.10

Just install Check Point's disconnect_client utility an execute: ./disconnect_client; migrate export ..