- CheckMates
- :
- Products
- :
- General Topics
- :
- Migrating from VSX to non VSX
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Migrating from VSX to non VSX
Here we have a R80.20 VSX Cluster in VSLS. The VS responsible for Internet web browsing is to be taken out of VSX to be put on a cluster of two Check Point appliances in an attempt to have more stability (and performance).
The VS uses the following blades/functionnalities:
- Firewall
- App Control
- URL Filtering
- HTTPS Inspection
- Identity Awareness (+sharing identities with others)
- Monitoring
- IPS
- Anti-Virus
- Anti-Bot
The plan is to create a new firewall on the new cluster, "turn off" the VS by deleting all the interfaces but one (and changing its IP) and then "turn on" the new firewall. We plan on keeping the same IP addresses and using the exact same policy by just modifying the target.
We'll keep an eye for ARP cache entries that might need to be flushed. And we are going to work something for the HTTPS Inspection certificate.
Do you guy have some recommendations or some points to be carefull about?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the HTTPS Certificate Authority front, this one is just set the HTTPS CA from the SmartConsole and push policy.
We turned off the vlans on the switch interface towards the VSX box and switch the switch interfaces on to the new cluster.
This allowed us to prepare the cluster and push the policy already before the actual migration.