Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Moving Gateway to New Management and Importing Old Ruleset

Jump to solution

Hi,

i have a checkpoint manager (R80.20) and need to manage one of our older firewalls (R77.30). 

The manager this old checkpoint had is in a bad way. 

Is there any way I can set a new SIC on the old firewall, manage it in the new GAIA manager and then import the existing rules as not to lose them?

 

thanks 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Admin
Admin

Re: Manage old firewall R77.30 and keep existing rule set

Jump to solution

If you can get to the old manager, then yes, there are ways to pull the configuration off.
The problem is that it's kind of an "all or nothing" proposition and there may other configuration on that management server that you might not want.
Also there isn't really a way to "merge" management domains.
What I would do is something like:

  1. migrate export the configuration using the migration tools from whatever R80.x version will be your target.
  2. Build a new R80.x manager as a VM and migrate import the R77.x configuration.
  3. Remove the unnecessary configuration in SmartConsole (e.g. rulesets, objects, etc).
  4. Use this tool to export the remaining configuration and import into your target management: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...

View solution in original post

3 Replies
Highlighted
Admin
Admin

Re: Manage old firewall R77.30 and keep existing rule set

Jump to solution
Changing the SIC is easy enough.
Importing the old ruleset is not possible, except possibly with the help of Check Point Professional Services.
You can look around in $FWDIR/state and find some of the details necessary to reconstruct said policy.
There is no easy import tool that I'm aware of.
0 Kudos
Highlighted

Re: Manage old firewall R77.30 and keep existing rule set

Jump to solution

Thanks - what if I can get on the old manager? Is there a way to export a policy from that one and import into new manager before changing SIC over?

 

thanks 

0 Kudos
Highlighted
Admin
Admin

Re: Manage old firewall R77.30 and keep existing rule set

Jump to solution

If you can get to the old manager, then yes, there are ways to pull the configuration off.
The problem is that it's kind of an "all or nothing" proposition and there may other configuration on that management server that you might not want.
Also there isn't really a way to "merge" management domains.
What I would do is something like:

  1. migrate export the configuration using the migration tools from whatever R80.x version will be your target.
  2. Build a new R80.x manager as a VM and migrate import the R77.x configuration.
  3. Remove the unnecessary configuration in SmartConsole (e.g. rulesets, objects, etc).
  4. Use this tool to export the remaining configuration and import into your target management: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...

View solution in original post