
Move security gateways from different separated sms to an existing remote mds

Hello folks there,

I have tracked the forum hoping to find an answer to my needs, but I could not find any topic related to my concern.

Maybe someone can help. My project:

I'm responsible for a project whose purpose is to migrate the management of 21 security gateways managed locally to a centralized location within an existing MDS environment. All the different sites (in different countries) are connected through site-to-site VPN to the centralized site where the MDS is located.

Current architecture:

8 sites within the same VPN community, with their firewalls already remotely managed in the same domain server within the MDS.

We are planning to move the management of 21 security gateways located in four different remote sites to this existing domain server. Each of these sites is connected to the central site by site-to-site VPN.

Site A:

A cluster of two security gateways locally managed by a manager hosted by one of them.

Version R77.30

Site B:

2 clusters of two gateways each and two other standalone gateways (FW version R77.30 and R80.10), both locally managed by an SMS under R80.10

Site C:

A cluster of two firewalls with four other standalone firewalls, both under 77.30 and managed by an SMS under R80.10 version.

My change plan is to manually recreate the objects and policy on the remote domain server (using public IP addresses for connectivity), establish SIC, and reconfigure the VPNs, since there are different other VPNs configured on each site.

For site A I will additionally rebuild the cluster member that hosts the management to be a simple security gateway.

In all cases one member should be moved first to avoid a long downtime.

My concern is: Is there another way to move this management to a centralized environment?

I will appreciate your help


5 Replies

I find it a good idea to re-create all rules and objects in the new MDS. The alternative way is migrate export / import, see sk32506 upgrade_export command support on CMA for details.


Hi Günther,

Thanks a lot for your comment. SK32506 is not helpful for me since I will not move the management server to the remote MDS; only the gateways will be managed by the existing domain server in the remote MDS.

I could not find any topic related to my situation.

0 Kudos

But you asked: Is there another way to move this management to a centralized environment? And now you tell me that you will not move the management server to the remote MDS.

0 Kudos

My apologies. I didn't mean moving the management server, but moving these gateways to the management server in the MDS. As I stated above, this server is already managing 12 other remote gateways. My concern is to know whether there is any other way to export the policy and objects to the remote server than just manually creating each object and each single rule. In one of the local managers I have more than a thousand objects.

0 Kudos

You've got a couple different issues here.

0 Kudos