Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Saul_Schwartz
Explorer

R77.30 to R80.10 upgrade/migration to new Smart-1?

My current environment is a Smart1 225 (HA) management station with about 8 gateways, all running R77.30. We purchased new Smart1 5050 appliances.

What are my options? Do I need to upgrade the Smart1-225 first, then export the DB to the new appliance? I'd prefer not to upgrade the Smart1-225's if at all possible and just cleanly move over to the 5050, and move SIC from each gateway to the new management station. 

0 Kudos
7 Replies
Ofir_Shikolski
Employee
Employee

Yes, you can export the database Smiley Happy 

Install the new Smart1 Gen5 machine with the same IP as the original MGMT(smart-1 225)

Add a license

Follow Upgrading a Security Management Server, Endpoint Security Management Server, or vSEC Controller 

You can follow Upgrading a Security Management Server with Advanced Upgrade

Shutdown the Smart-1 225

0 Kudos
JozkoMrkvicka
Mentor
Mentor

A few days ago I have asked the same question. In my case migration from R77.30 to R80.20:

MDS migration from R77.30 to R80.20 

To sum it up:

  1. Transfer R80.10 ISO to the R77.30 MDS
  2. Mount R80.10 ISO
  3. Run "<MOUNT_POINT>/linux/p1_install/mds_setup" script
  4. Follow on-screen wizard to create report (what are errors or warnings) and/or export itself
  5. Transfer export from R77.30 MDS to the R80.10 MDS
  6. Run command "$MDSDIR/scripts/mds_import.sh /var/log/exported_mds.<DATE>.tgz" on R80.10 MDS
  7. Wait ... Wait ... Wait ...

The script "mds_setup" will check all created CMAs for possible errors and warning, including Global Policy.

I am not sure about licenses. Once migrated, the original lics are also migrated, which means there will be wrong CK key (MAC of Mgmt interface)...

Kind regards,
Jozko Mrkvicka
0 Kudos
Maarten_Sjouw
Champion
Champion

When done just replace the license of the 225 with the license of the 5050.

Regards, Maarten
0 Kudos
_Val_
Admin
Admin

Advanced upgrade is always the best option. Keep older Smart-1 as is, move DB as part of advanced upgrade to the new boxes in the lab. Once they are up, replace the older SMSs. No SIC should be moved, it will work as before, unless you also want to change IPs of the management servers (not really needed)

0 Kudos
Maarten_Sjouw
Champion
Champion

Even if you change the IP's (only remember to allow the new IP full access to the Gateway before migration) you don't need to reset the SIC, it is moved along. Only other problem you have is the licenses, in central license scheme you will need to issue the licenses on the new CMA IP's and apply them after migration.

Done about 160 CMA's in the last year and a half.....

Regards, Maarten
0 Kudos
_Val_
Admin
Admin

Not only licenses. You need to adjust your policy BEFORE moving to new IP addresses, as the implied rules only cover pre-existing management objects with their old IP addresses. GW will refuse SIC requests from new MGMT IP addresses, unless you take care of that before migration.

That said, without changing IP addresses on the management side it is much easier

0 Kudos
Maarten_Sjouw
Champion
Champion

I think that is exactly what I said: (only remember to allow the new IP full access to the Gateway before migration)

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events