cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
AkosBakos
Ivory

R77.30 Management HA to Standalone MGMT on VMware

Dear All,

I would like to ask you for a little help.

I have az R77.30 Management and gateway HA on separate 4400 appliance.

Yes, GW and the MGMT are on the same appliance. So, I have 2 appliances only, therefore I want to create a distributed installation.

Is there any step-by-stey guide how to do it?

 

I have less then 80 rules in the Security Policy and 20 NAT rules only.

A hands-on solution would be to copy rules manually to a new Managagemet, and forget this MGMT HA conversion. It can take 2 hours not more.

But there is one problem, I have five S2S VPNs which have pre-shared key. Of course, I don't know these secrets. They are reallly old.... and nnot documented.....

Can I somehow copy/export only the VPN rules especially the secrets?

Any tips are welcome 🙂

 

Akos

 

0 Kudos
3 Replies

Re: R77.30 Management HA to Standalone MGMT on VMware

0 Kudos
AkosBakos
Ivory

Re: R77.30 Management HA to Standalone MGMT on VMware

Hi G_W_Albrecht,

Thank you for your answer, after my post I found this article.

And what about the manual rulebase copy?

Do you have any idea how to do it effectively ,because I have less then 80 rules.

With the manual copy, the one and only problem is the unknown pre-shared keys. How can I "mine" them from old policy?

BR,

Akos

0 Kudos
Highlighted
Vladimir
Pearl

Re: R77.30 Management HA to Standalone MGMT on VMware

You can attempt to recover secrets by following this thread:

https://community.checkpoint.com/t5/General-Management-Topics/Shared-Secret-in-clear-text/td-p/7919

 

0 Kudos