- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hello,
I have a SMS version R80.10 running on a Smart-1 410 appliance (and a pair of R80.10 gateways running on 5600 appliances). I want to do an advanced upgrade with migration and I will do it for my SMS first. Since this is quite complex two steps process, doing first R80.10 - -> R80.40 with old ./migrate export tools and R80.40 - -> R81 with new ./migrate_server tools as a second step, I want to do it offline, to migrate my database to R81 virtual machine, assure that I can load my existing policy in R81 version before deploying it in my production network. So, in other words, my plan is to do all the migration offline, check if my policy is loading in R81 version and prepare ./migrate_server export from R81. If everything runs OK, I will reinstall Smart-1 410 from the scratch with R81 ISOMorphic tool and do ./migrate_server import owith already prepared database.
R80.10 - - > R80.40 went fine, but when I try export R80.40 - -> R81 I run into some troubles with licences. After the ./migrate_server import on a brand new R81 virtual machine, I do not see my licences, even trial 15-day licences are not valid any more. It seems that old migrate export tool always contains the license of the time of the DB export from SMS, but it is not the case for the new ./migrate_server tool. I tried it several times, and each time I got this message trying to connect with SmartConsole (see attached picture).
Is there some possibility to also transfer the licences with the new ./migrate_server tools as it was the case with old ./migrate tools?
If you’re doing this in a VM based on what’s coming from a physical Check Point appliance, the license is only valid for that specific appliance, not in a VM.
You can confirm the licenses came over by doing a cplic print from the CLI.
If no licenses came over (I.e. cplic print is empty), that’s a bug and the TAC should be engaged.
You can apply an All-In-One Eval license to your VM after you perform the migration to confirm the rest of the configuration came over correctly.
If you’re doing this in a VM based on what’s coming from a physical Check Point appliance, the license is only valid for that specific appliance, not in a VM.
You can confirm the licenses came over by doing a cplic print from the CLI.
If no licenses came over (I.e. cplic print is empty), that’s a bug and the TAC should be engaged.
You can apply an All-In-One Eval license to your VM after you perform the migration to confirm the rest of the configuration came over correctly.
Thanks @PhoneBoy for you explanation, you are right, I took the migrate export from the physical CheckPoint appliance and tried ./migrate_server import into a VM. I now understand the reason why it does not work. I have checked cplic print, it only shows trial license, so real licences are not valid here. Thanks for your help, I will try to do an upgrade with the All-In-One Eval license.
Wait a second...if you did ./migrate export and import, that always imports the licenses from original server. I had done it many times and that was always the result. Are you saying it did NOT move over original licenses to a new server?
As stated above by PhoneBoy: the export from an appliance can not include licenses valid for VMs, only licenses for an appliance with the same MAC address.
Ok, I see what you are saying...never really paid attention to that before, but I guess it makes sense : )
Technically, no. MAC is an ID of your appliance licenses, but they are enforced by IP address. Running appliance license or an open server/VM is still a violation of your service agreement though.
FYI, you don’t apply the eval license after the migrate_server import.
Thanks @PhoneBoy I will apply the eval license first.
Actually, I had that incorrect: you do it after. 😬
I got it, thanks @PhoneBoy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
14 | |
12 | |
11 | |
9 | |
8 | |
7 | |
5 | |
5 | |
5 | |
5 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY