This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cramerst
Explorer
‎2024-02-02 02:10 AM

Connect running productive physical cluster and vsx cluster to a new installed SMS

Hello CheckMates Community,

does anyone have experience with Commissioning new SMS and running productive gateways without existing MDS or SMS?

What is the best way to connect two running Checkpoint two node clusters and one vsx two node cluster (2 vs) to a new created SMS. The policys  was exported from an MDS (other service provider) and imported on the new installed SMS. The SMS is a CP15400 Appliances. With as little downtime as possible.

The IP on the new SMS has been changed. I don't think that's possible without a breakdown. Management and gateways are located in different countries and data centers. Only a LOM Interfaces available on the external Gateways and the new CP15400 Management SMS and the LOM IP and the management GW IP must be exchanged before the new SMS system is put into operation. The biggest problem is the vsx cluster. It will probably have to be completely reinstalled.

I know CP15400 is not really suitable for the project. Does anyone have experience with such a change?

Best regards
Stefan

0 Kudos
4 Replies
CheckPointerXL
Advisor
Advisor
‎2024-02-02 12:23 PM

Hey bro

Did you see here sk167639 ?

0 Kudos
cramerst
Explorer
‎2024-02-05 01:47 AM
In response to CheckPointerXL

Many thanks for the tip. My problem is that I have no access to the previous MDS. It belongs to the previous service provider. Unfortunately, they only took over the firewall gateways. I was not involved in the project at the time.

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2024-02-04 10:20 PM

Suitability of 15400 as a management platform aside, you basically need to import the gateways as new devices. It might be a good time for a clean re-install of the software on them, just to start fresh - for the regular cluster you can do it one member at a time, just clean install one, create a new gateway cluster with just that fresh gateway, then do the other one. Unfortunately for VSX you cannot create a single-node cluster, and you won't be able to just re-SIC it as is, you'll need to rebuild it and recreate it all from scratch. If you can possibly borrow a suitable extra gateway to temporarily use to build the VSX cluster on the new SMS you can leave one of the existing cluster members running while you do the build, then swap it out afterwards.

0 Kudos
cramerst
Explorer
‎2024-02-05 01:50 AM
In response to emmap

Many thanks for the tip. I had already suggested this procedure to the project manager as I don't see any other solution. A completely new setup during a change also takes far too long.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events