This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
praveen0312
Explorer
2 weeks ago

Migrating Checkpoint Management Server from Hyper-V to AHV

Hello Checkmates,

We have a Checkpoint Security Management Server (Gaia R81.10 JHF 150) managing two 5400 Gateways (Gaia R81.10 JHF 150) in a high availability cluster. The current SMS is an open server in Hyper-V.  Our customer asked us to migrate all the servers we have in Hyper-V to Nutanix AHV. For this migration, Checkpoint TAC suggested me to build a new server in AHV and import the existing management database with migrate_server command to the new SMS in AHV.

I wanted to have your opinion on the below method. 

Instead of importing management database with migrate_server command can I use the snapshot of the existing SMS in Hyper-V to build the new SMS in AHV?  

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
2 weeks ago

A limitation of GAiA snapshots is that the source and destination hardware/appliance must be the same, so this would likely fall into unsupported territory.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
2 weeks ago

migrate_server is the best way to do this, yes.
I would also install the "new" VM on R81.20 which has a more up-to-date installer that should improve disk I/O (only occurs on fresh installs). 

0 Kudos
praveen0312
Explorer
2 weeks ago
In response to PhoneBoy

Thank You @PhoneBoy  and @Chris_Atkinson 

Are there any prerequisites that I need to take care on the newly built server, before I import the database with migrate_server command?

I can keep the same IP address and Hostname as the old server. Does this impact the Licensing and SIC between the gateways and the new SMS? Or do I need to regenerate the license again and reestablish the SIC between the gateways and new SMS? 

0 Kudos
emmap
Employee
Employee
2 weeks ago
In response to praveen0312

If you keep the same IP and hostname you will not have to reset SIC. The licenses will also be transferred over with the migrate. 

0 Kudos
PhoneBoy
Admin
Admin
2 weeks ago
In response to praveen0312

migrate_server brings the licenses and SIC certificates across, so you don't lose anything there.
Even if you change the management IP address, simply pushing policy to the gateways from the new management will re-establish connectivity.
Depending on your policy configuration, you may need to perform an fw unloadlocal first (unloads security policy, so should be done in an outage window).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events