This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
‎2024-06-24 10:06 PM

How to add new Qumatum gateway on running smart-1 appliance

Hello Team,

 

We would like to replace the existing Fortigate with a Checkpoint Quantum.

And we would like  to add "configured Qunatum Gateway"  on running smart-1.

Therefore, we have considered the migration process as follows. Please let us know if anything is incorrect.

 

1.We counfigure a temporaly Smart-1 environment because the configuration place and running place are in  different network.

2.We get the existing Fortigate configuration, and we convert the configuration using the SmartMove tool by Checkpoint.

3.We configure the Quantum Gateway to connect to a temporary Smart-1 environment.

4.We import the configuration, including the policies and objects created by the SmartMove tool, into the temporary Smart-1 environment.

5.We check the policies and objects in the temporary environment.

6.After the check is completed, we export the configuration using the Checkpoint 'migrate export' command from a temporary Smart-1 environment.

7.We move the appliance from the temporary to the running environment, and Then we connect the moved Quantum to the running environment using SIC.

8.We import the configuration to the running Smart-1 environment using the 'migrate import' command.

9.We cut over from the existing Fortigate to the new Quantum and check using the running environment.

0 Kudos
9 Replies
emmap
Employee
Employee
‎2024-06-24 10:24 PM

When you say 'running Smart-1 environment', you mean an existing management server that is already managing policies and gateways? If so, you can't 'migrate import' (the new command is migrate_server for this) from one server to merge into an existing one, this tool is for moving a complete management database from an existing server to a fresh one. If you try this you may end up losing all the existing configurations from the target server. 

I suggest that after you test the procedure with your temporary management server, you will have to then re-run the same import from SmartMove into the existing management server. You don't need the gateway to do this, the objects and policy will import into the management server for review for you do check over before moving to the next step of building up the gateway and installing the policy over to it. 

0 Kudos
TSOL
Advisor
‎2024-06-25 12:12 AM
In response to emmap

Dear emmap,

Thank you for the reply.

Yes, 'running Smart-1 environment' is "an existing management server that is already managing policies and gateways."

I understood that the migrate server command is used for restore or complete new setups, so I thought it might not be suitable for this migration, which is why I asked.

In this case, should we import into the running Smart-1 appliance using "(5) How to Complete the Migration" with "sk115416"?

 

0 Kudos
emmap
Employee
Employee
‎2024-06-25 12:26 AM
In response to TSOL

Yes, after testing it in your temporary Smart-1 and taking a snapshot of the running Smart-1.

0 Kudos
TSOL
Advisor
‎2024-06-25 09:19 PM
In response to emmap

Thank you for the reply.

Does this mean using SmartMove to import the config extracted from the temporary Smart-1 after testing into the running Smart-1?

0 Kudos
emmap
Employee
Employee
‎2024-06-26 07:54 PM
In response to TSOL

No it means testing the SmartMove import on your temporary Smart-1 and then when you have tested it and it's not causing any issues, run the same thing against the running Smart-1.

0 Kudos
TSOL
Advisor
‎2024-06-27 01:25 AM
In response to emmap

OK. I understood. thanks.

0 Kudos
the_rock
Legend
Legend
‎2024-06-26 08:11 PM
In response to TSOL

What I did last time I did this for customer was take their Cisco confir, use smart move to convert to CP, import that config into my CP mgmt lab and then use script from smart-1 portal to import lab mgmt config into smart-1 environment. Done 🙂

If you need help, message me directly, we can do remote.

Andy

0 Kudos
TSOL
Advisor
‎2024-06-27 01:25 AM
In response to the_rock

Hi the_rock

 

Thanks you for the reply.

Yes. Which SK should we refer to for that script?

We also want to migrate from temporary Smart-1 to the running smart-1.

0 Kudos
the_rock
Legend
Legend
‎2024-06-27 04:46 AM
In response to TSOL

I dont believe there is script for it, its one from the portal itself once you log in.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top