This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jones
Collaborator
Collaborator
Sunday
Jump to solution

How to perform Advanced Upgrade for CloudGuard Management version in Azure with a name and IP change

I have a SmartCenter on R81.20 on-premise and like to go to a CloudGuard Azure SmartCenter. The name and ip-address of the SmartCenter must change. The current name includes a character "-" that is not supported when creating a CloudGuard Azure SmartCenter and also the customer likes a new name for his new SmartCenter.

There is sk155632: How to perform Advanced Upgrade for CloudGuard Management version in AWS, Azure, or GCP (Side-by-Sid...

This SK does not describe how to deal with an hostname change.

 Then there is sk42071: Changing a Security Management (SmartCenter) Name (checkpoint.com)

So what is the recommend and supported path to go from on-premise SmartCenter to Azure CloudGuard SmartCenter with a new hostname and ip-address?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Monday
Jump to solution

Changing the IP of the management isn't an issue as the gateways will re-establish connectivity with the new management after a policy installation from the migrated management server.
Changing the hostname on your management will require resetting SIC as all the relevant certificates will need to be regenerated with the new name: https://support.checkpoint.com/results/sk/sk164055 
You can minimize the potential outage by employing this SK when resetting SIC on the individual gateways: https://support.checkpoint.com/results/sk/sk86521 

View solution in original post

4 Replies
PhoneBoy
Admin
Admin
Monday
Jump to solution

Changing the IP of the management isn't an issue as the gateways will re-establish connectivity with the new management after a policy installation from the migrated management server.
Changing the hostname on your management will require resetting SIC as all the relevant certificates will need to be regenerated with the new name: https://support.checkpoint.com/results/sk/sk164055 
You can minimize the potential outage by employing this SK when resetting SIC on the individual gateways: https://support.checkpoint.com/results/sk/sk86521 

the_rock
Legend
Legend
Monday
Jump to solution

You got the right answer from Phoneboy.

Andy

0 Kudos
Jones
Collaborator
Collaborator
Monday
In response to the_rock
Jump to solution

Thank guys. I was thinking about how to bypass the reSIC because there are a lot of gateways to reSIC, and there there are client VPN's and S2S VPN's in play.

In the R81.20 Installation and Upgrade Guide, it is described how to migrate an SMS to a DMS, and also from a DMS to SMS. When executing these two steps in order, a reSIC is not needed. The main CA will of course show the old name of the SmartCenter.

0 Kudos
PhoneBoy
Admin
Admin
Tuesday
In response to Jones
Jump to solution

You could theoretically perform the steps I suggested without reSICing and end up in the same basic place as that process.
Not entirely sure what issues result from the SIC name being different from the management hostname.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events