Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mazin_D
Contributor

migrate fromR77.10 to R80.10

Hi

we have IP290 in clusterXL running R77.10, after hardware failure on the primary firewall, we have purchase checkpoint 5100 running R80.10. the management servers are installed on windows server, is there a tool to migrate the management server from R77.10 to R80.10 . i have tried R80.10 management server migration tool for windows, but every time i click on migrate, the windows open and quickly close without anything happening, am i doing anything wrong ? 

0 Kudos
12 Replies
PhoneBoy
Admin
Admin

The migration tools are CLI based and must be run as described in the upgrade documentation.
0 Kudos
Mazin_D
Contributor

thanks for the reply, the management server installed on windows server, how can I access the CLI ? my understanding that if the management server installed on windows server there is no access to CLI , am I wrong ?

0 Kudos
G_W_Albrecht
Legend
Legend

Windows does call it differently - command line ! In search for programs field, type cmd + Enter ---> here we are in DOS shell !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Mazin_D
Contributor

thanks for the reply, I am able to run the migration tools from the CLI, I got a message to close all clients to security management server or execute CPSTOP , does we need an outage for that ? or that will not effect the live traffic as we are running the management server on windows ? 

0 Kudos
G_W_Albrecht
Legend
Legend

You have to stop only the Management Server - that one usually has not much to do ! Most important needed ressource from SMS is the CRL when doing VPN, see sk111140 for details. But this is not needed all the time for S2S VPNs, but for RA VPN connect.

CCSE CCTE CCSM SMB Specialist
Mazin_D
Contributor

thanks again , we don't have any VPN terminated on this firewall , its only the objects and polices and very few NATs. sorry if I am asking a lot of questions but I am not familiar with checkpoints, what file exactly I need to export ? is there a specific file or folder I need to export that contain the objects, polices and NATs ?

thanks in advance  

0 Kudos
G_W_Albrecht
Legend
Legend

If neither S2S nor RA VPN is used, you can stop services on SMS without thinking. Procedure is found in Installation and Upgrade Guide R80.10 p.73f:

Important! Make sure you have the latest version of the upgrade tools! Download the appropriate package from the Tools section in the Check Point R80.10 Support site http://supportcontent.checkpoint.com/solutions?id=sk111841 There is a different package for each operating system. 

When you open the upgrade_tools package, you see these files: Package 

Description 

migrate.conf 

Holds configuration settings for Advanced Upgrade / Database Migration. 

migrate 

Runs Advanced Upgrade or migration. 

pre_upgrade_verifier 

Analyzes compatibility of the currently installed configuration with the upgrade version. It gives a report on the actions to take before and after the upgrade. pre_upgrade_verifier -p $FWDIR -c <Current Version> -t <Target Version> 

migrate export 

Backs up all Check Point configurations, without operating system information. 

migrate import 

Restores backed up configuration. 

puv_report_generator 

Runs in the end of pre_upgrade_verifier and converts the text file to HTML. 

 

You can find more details about the export tools syntax in sk108902 - Best Practices - Backup on Gaia OS

If you want to keep old logs by including them in the migrate export, you will have to use the -l flag...

 

CCSE CCTE CCSM SMB Specialist
Mazin_D
Contributor

thanks you very much , I have export the old R77.10 . now I want to install the new R80.10 on a test windows server and import the DB to check everything is fine before install it on the SMS. I have download the R80.10 on that server , is there a way to run the installation within the server or I need to burn the package on a media and boot from the media ? really appreciate your help
0 Kudos
PhoneBoy
Admin
Admin

In R80.x, we do not support running management server on Windows OS.
You need to install Gaia on supported hardware or a virtual machine.
You still need Windows to run SmartConsole and related apps.
0 Kudos
PhoneBoy
Admin
Admin

The migration tools will copy all the necessary files/data to an archive file.
You then need to copy this archive file to your newly installed management server.
The migration tools on the target management server can then decompress this archive and convert the files/configuration to the necessary format and import it into the management server.
None of this should impact traffic passing through your gateways.
Gateways will log locally while the management server is stopped.

That said, why are you doing R80.10 and not R80.30, which is the current widely recommended release?
Mazin_D
Contributor

thanks for the reply , I understand the above. we have the SMS running the R77.10 on VM, I have exported the R77.10 using the migration tool. now to upgrade to R80.10 on the same VM, if I install the R80.10 on the same VM that will wipe the old version , won't it ?? is there a tool to do the trick ?? understand the above if I am doing it on different server , which I will do for test purpose
0 Kudos
PhoneBoy
Admin
Admin

If the management VM is running Windows, as is been implied throughout this thread, you CANNOT do an in-place upgrade of it to any version past R77.30 as this is the last version that runs on Windows.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

You MUST install R80.30 (again, use this version instead of R80.10) in a brand new VM.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events