Ofer_Barzvi
Employee

Cloning an existing Domain on the same Multi-Domain Security Management Server

Hi everyone,
 

My name is Ofer Barzvi and I'm a Team Leader in Check Point R&D.

I'm happy to share that recently we released a new version of Upgrade Tools for R81.10 and R81.20 with the ability to clone an existing Domain on the same Multi-Domain Security Management Server.

With these tools, you perform the cloning operation with the Management APIs export-management and import-management.
In the next R8x release, the cloning operation will be available in SmartConsole and with the new Management API call 'clone domain'.

For instructions, refer to sk180631 (the procedure will also be added to the relevant Administration Guides).

If you have questions about the Clone Domain operation, reply in this post.

 

Thank you

 

2 Replies
MSpA
Participant

Hi Ofer,

I recently discovered this SK, and it would be really useful for me because I need to migrate an SMS to MDS, but divided into three CMAs. Thanks for your work!

So, I have created a first domain where I have most of the Gateways, and from this, a clone would be useful so that I don’t lose all the objects I need to replicate, such as Identity Providers, Account Units, Access Roles, etc.

However, I encountered issues on my first attempt. The upgrade_report returns: "Failed:null".

Looking into the cpm.elg log, I found this:
24/02/25 11:45:56,357 INFO management.upgradeRules.CloudShadowObjectPostUpgradeRule [taskExecutor-37]: This is the uid we are keeping e81f3860-1c3b-4b47-bf4a-991e6e4c510e
24/02/25 11:45:56,415 ERROR management.upgradeRules.CloudShadowObjectPostUpgradeRule [taskExecutor-37]: Failed to replace object c3296a78-ef54-4bde-82ce-21a19dbd548f with object e81f3860-1c3b-4b47-bf4a-991e6e4c510e java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs: [fc958e59-fa77-4d99-bfd8-36db44b31001]
24/02/25 11:45:56,430 ERROR upgrade.ngmImport.MigrateImportDomainTask [taskExecutor-37]: Domain migration failed for domain XXXXX - (id:bc2634fa-d328-40c6-9cd5-675db5d6673e) CpmGeneralException{base='com.checkpoint.management.is.exceptions.CpmGeneralException', errorCode='CP_ERR_UNSPECIFIED', errorFamily='null', messageForUser='got at least one duplicate UID in requested list, duplicates UIDs: [fc958e59-fa77-4d99-bfd8-36db44b31001]
Caused by: java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs: [fc958e59-fa77-4d99-bfd8-36db44b31001]

Further investigation revealed that the duplicated objects are all Updatable Objects, for example:
"uid" : "e81f3860-1c3b-4b47-bf4a-991e6e4c510e",
"name" : "Office365 Worldwide Services",
"type" : "updatable-object",

To work around this, I replaced all these objects in the rules with a temporary Host object, performed the export, and at that point, the import succeeded.

On my first attempt, I encountered many Validation Errors stating: "Dynamic Global Object cannot be in local domain". I think it also broke the Updatable Objects in some way because they lost their icons after the import.
Additionally, the Access Role objects lose their reference to the defined users.

Is there a way to solve these issues?

Thank you!

MSpA

0 Kudos
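
The diagnosis described in the reply above (pull the UIDs out of the cpm.elg errors, then look them up to see what kind of object they are) can be scripted. This is an added example, not part of the original posts and not Check Point code; it assumes the domain's objects are available as a JSON list with the uid, name and type keys shown in the post, and the sample inputs are constructed from the lines quoted there.

```python
import json
import re

UID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
KEEP_RE = re.compile(rf"This is the uid we are keeping ({UID})")
REPLACE_RE = re.compile(rf"Failed to replace object ({UID}) with object ({UID})")
DUP_RE = re.compile(r"duplicates UIDs: \[([^\]]*)\]")

# Constructed sample: two cpm.elg lines in the format quoted in the post above.
SAMPLE_LOG = """\
24/02/25 11:45:56,357 INFO management.upgradeRules.CloudShadowObjectPostUpgradeRule [taskExecutor-37]: This is the uid we are keeping e81f3860-1c3b-4b47-bf4a-991e6e4c510e
24/02/25 11:45:56,415 ERROR management.upgradeRules.CloudShadowObjectPostUpgradeRule [taskExecutor-37]: Failed to replace object c3296a78-ef54-4bde-82ce-21a19dbd548f with object e81f3860-1c3b-4b47-bf4a-991e6e4c510e java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs: [fc958e59-fa77-4d99-bfd8-36db44b31001]
"""

# Constructed object list (assumed format); the keys are the ones shown in the post.
SAMPLE_OBJECTS = json.loads("""[
  {"uid": "e81f3860-1c3b-4b47-bf4a-991e6e4c510e",
   "name": "Office365 Worldwide Services", "type": "updatable-object"}
]""")


def summarize_import_failure(log_text, objects):
    """Collect the UIDs named by the failed import and label the known ones."""
    by_uid = {o["uid"]: o for o in objects}
    found = {"kept": set(), "replaced": set(), "duplicate": set()}
    for line in log_text.splitlines():
        if m := KEEP_RE.search(line):
            found["kept"].add(m.group(1))
        if m := REPLACE_RE.search(line):
            found["replaced"].add(m.group(1))
            found["kept"].add(m.group(2))
        if m := DUP_RE.search(line):
            found["duplicate"].update(re.findall(UID, m.group(1)))
    report = []
    for role, uids in found.items():
        for uid in sorted(uids):
            obj = by_uid.get(uid, {})  # UIDs missing from the list stay unlabeled
            report.append({"uid": uid, "role": role,
                           "name": obj.get("name", "<not in export>"),
                           "type": obj.get("type", "<unknown>")})
    return report


if __name__ == "__main__":
    for row in summarize_import_failure(SAMPLE_LOG, SAMPLE_OBJECTS):
        print(f'{row["role"]:9} {row["uid"]}  {row["type"]:16} {row["name"]}')
```

Running it against the real cpm.elg and object list before an export shows which rule-base objects would need the temporary replacement the poster describes.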
Tal_Paz-Fridman
Employee

0 Kudos
