Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Harmesh_Yadav
Collaborator
Jump to solution

Configuration Migration From Checkpoint 4200 Appliance to CP 4800 Appliance

Dear Team, I have 4200 Checkpoint Appliance with GW+MGMT both Role and i have collected version informaiton from CLI which is below ------------------------------------------ [Expert@FW01]# fw ver -k This is Check Point VPN-1(TM) & FireWall-1(R) R75.47 - Build 171 kernel: R75.47 - Build 001 [Expert@FW01]# [Expert@FW01]# fwm ver This is Check Point Security Management Server R75.47 - Build 016 Installed Plug-ins: Management Enhancements, Check Point Security Gateway 80 s eries R75.20 [Expert@FW01]# [Expert@FW01]# cprinstall get FW01 Checking connectivity... Verified Operation completed successfully Updating machine information... Update successfully completed 'Get Gateway Data' completed successfully Operating system Major Version Minor Version ---------------------------------------------------------------------------- SecurePlatform R75.46 R75.46 Vendor Product Major Version Minor Version ------------------------------------------------------------------------------------ Check Point Security Gateway R75.40 R75.40 Check Point Security Gateway R75.40 R75_47 Check Point Security Gateway R75.40 FOXX_HF_HA47_017 Check Point SecurePlatform R75.40 R75.40 Check Point Performance Pack R75.40 R75.40 Check Point Performance Pack R75.40 R75_47 Check Point Mobile Access Blade R75.40 R75.40 Check Point Mobile Access Blade R75.40 R75_47 Check Point SmartEvent and SmartReporter Suite R75.40 R75.40 Check Point SmartEvent and SmartReporter Suite R75.40 R75_47 Check Point Management Portal ------------------------------------------------------------------------------------ I want this same OS on CP Device 4800 and Also need to migrate same configuration into 4800 from 4200 SO Please let us know what os i have to download and what process i have to do after that Thanks in advance. Harmesh Yadav
Harmesh Yadav
3 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
The downloads for R75.47 SPLAT are here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
They are listed under the section "R75.47 Downloads for other platforms" which is hidden from view by default.
As for any hotfixes that may be on the 4200, use cpinfo -y all to check.
You will have to download the relevant ones from SecureKnowledge and/or obtain them from TAC.

View solution in original post

PhoneBoy
Admin
Admin
The OS configuration migration is covered here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For the standalone gateway, I believe you can use the R77.30 migration tools migrate export/import from the 4200 to the 4800.

View solution in original post

PhoneBoy
Admin
Admin
Migrate export must be done using the version of the tools that you intend to migrate to.
So, for example, if you're planning to migrate a R75.47 configuration to R77.30, you need to use the R77.30 version of the migration tools to do the export/import.

View solution in original post

18 Replies
Harmesh_Yadav
Collaborator
This Device is not in HA its standalone device .
Harmesh Yadav
0 Kudos
Daniel_Taney
Advisor

Is this appliance on GAIA? Are you trying to go straight to R80.20 on the 4800?

R80 CCSA / CCSE
Harmesh_Yadav
Collaborator

Dear Team ,

 

I need Same OS which is running in PResent Device 4200 which version details i have shared in first post

 

SO what is the process to do same os and same configuration into 4800

Harmesh Yadav
0 Kudos
Daniel_Taney
Advisor

Downloads for R75.47 are under this sk and details of the last developed HFA are here. But it looks like TAC needs to supply this HFA.

If you are going to use the same physical / logical interface layout, you can probably do a save configuration on the old GW and do a load configuration on the new one. If the Interfaces won't map out the same way, you'll have to recreate your network topology via WebUI on the 4800. I'd do all this just connected locally to the 4800 via a laptop or console and not on the network so you can assign the same IPs.

Once the GAIA config is set, edit the GW properties in SmartDashboard and reset SIC on the existing Gateway object. 

Disconnect the old appliance from the network and connect the new one in its place. Re-establish SIC with the new Gateway. Perform a "Get Interfaces" to pull in the correct network topology. Push policy to the Gateway.

You should be back up at this point on the new GW.

It is probably worth throwing out the usual disclaimer that this CP version is unsupported and the 4000's are end of support on 6/2022. Support Life Cycle Policy

R80 CCSA / CCSE
Harmesh_Yadav
Collaborator

Dear Team,

 

As i see in output its showing SPLAT OS RIGHT SO which link you have given that is Gaia OS .

 

SO its correct one or not can you please confirm?

Harmesh Yadav
0 Kudos
Harmesh_Yadav
Collaborator

[Expert@FW01]# cprinstall get FW01

Checking connectivity...
Verified
Operation completed successfully
Updating machine information...
Update successfully completed
'Get Gateway Data' completed successfully

Operating system Major Version Minor Version
----------------------------------------------------------------------------
SecurePlatform R75.46 R75.46

Vendor Product Major Version Minor Version
------------------------------------------------------------------------------------
Check Point Security Gateway R75.40 R75.40
Check Point Security Gateway R75.40 R75_47
Check Point Security Gateway R75.40 FOXX_HF_HA47_017
Check Point SecurePlatform R75.40 R75.40
Check Point Performance Pack R75.40 R75.40
Check Point Performance Pack R75.40 R75_47
Check Point Mobile Access Blade R75.40 R75.40
Check Point Mobile Access Blade R75.40 R75_47
Check Point SmartEvent and SmartReporter Suite R75.40 R75.40
Check Point SmartEvent and SmartReporter Suite R75.40 R75_47
Check Point Management Portal

Harmesh Yadav
0 Kudos
Daniel_Taney
Advisor

If you are going to move to different hardware, is there a reason why you need to keep it on SPLAT?

R80 CCSA / CCSE
Harmesh_Yadav
Collaborator

Write now as per customer requirement , They wanted to migrate their datacentre to different location 

 

SO we have to make same device configuration with same os and make it live to other location , Once it will working properly customer will give us to do further ugprade 

 

But As of now we have one option to migrate with same os and same config to 4800 from 4200

 

 

Harmesh Yadav
0 Kudos
Daniel_Taney
Advisor

You may need to open a case with TAC... unless I'm blind (entirely possible 😀), I don't see a link for the SPLAT version anywhere... just the GAIA ones.

R80 CCSA / CCSE
PhoneBoy
Admin
Admin
The downloads for R75.47 SPLAT are here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
They are listed under the section "R75.47 Downloads for other platforms" which is hidden from view by default.
As for any hotfixes that may be on the 4200, use cpinfo -y all to check.
You will have to download the relevant ones from SecureKnowledge and/or obtain them from TAC.
Harmesh_Yadav
Collaborator

I started instalaltion of Operating system in 4800 appliance 

 

What is the best way to backup of 4200 and restore in 4800

 

I have upgrade export , in this case system backup will work or not ?

 

OR In gaia we are taking backup of configuration command from

show configuration command 

 

so for show configuration what command will user in secure plateform ?

 

 

Harmesh Yadav
0 Kudos
G_W_Albrecht
Legend
Legend

See here: sk54100: How to back up your system on SecurePlatform

CCSE CCTE CCSM SMB Specialist
Harmesh_Yadav
Collaborator

Dear Team ,

 

Thanks for your great support ,

 

Actually i have downloaded Same ISO (SPLAT R45.47) which is in Hardware 4200  and Taken System Backup of 4200 , Then  Clean install os to 4800 device and tried to restore system backup which is taken from 4200 but no success, I try to convince to customer that we should run upgrade version in new 4800 which will be better for future manageability .

 

So , Now I will Install Clean Installation OF R77.30 in 4800 Checkpoint Device , then i need to migrate all configuration of 4200 to 4800

for that i need help from you , Need Exact step for this migration which i can follow and do successfully migration from splat to Gaia .

Harmesh Yadav
0 Kudos
PhoneBoy
Admin
Admin
The OS configuration migration is covered here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For the standalone gateway, I believe you can use the R77.30 migration tools migrate export/import from the 4200 to the 4800.
Harmesh_Yadav
Collaborator

Dear Team ,

 

1. For OS MIgration i have used ''Migration from Secure Platform OS to Gaia OS ''  - Follow Procedure and could not complete configuration only user related configuration found for gaia , So i configured network and static route manually,

 

2. Database - I have taken migration export from secure platform and tried to import but we got error on that ,

 

Is there any other way to do this activity with success?

 

Extracting the database...

Database export was done with migration tools for different version.
You must export and import database with migration tools for version
installed on destination machine.

Execution finished with errors. See log file '/opt/CPshrd-R77/log/migrate-Fri_Apr_12_19-36-27_2019.log' for further details

 

Regards,

Harmesh Yadav

 

Harmesh Yadav
0 Kudos
PhoneBoy
Admin
Admin
Migrate export must be done using the version of the tools that you intend to migrate to.
So, for example, if you're planning to migrate a R75.47 configuration to R77.30, you need to use the R77.30 version of the migration tools to do the export/import.
Jerry
Mentor
Mentor
interesting posts chaps ... should I show you my 4800 appliance running "cpinfo -y all" - stand-alone installation of R80.20 as well as another cluster with SMS on separately running VM on R80.10 VSX hooked up to VSX Cluster on 2 x 4800's. So what's wrong with it? 🙂

I have no clue why you claim that officially CP does recommend to use maximum of R77.30 on 4000s whilst if you only tweak that box's a little you can do all the magic on R80.xx.

"hope I didn't offended anyone as my opinion are personal and does express my own feelings and thoughts"
Jerry
Harmesh_Yadav
Collaborator

Dear Team,

 

Thanks for your help

 

we have successfully done activity

copy upgrade tool folder to splat device

from cli went to this directory

and entered  ./migrate export NAME

and we have restored this file to new Checkpoint Gaia 77.30 device with success.

 

For GAIA GUI all configuration which not migrated but we willdo remaining config manually thank you very much to solve my issue.

Harmesh Yadav
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events