This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
hugothebas
Contributor
Contributor
‎2025-01-30 06:33 AM

How to split Endpoint database from SMS

Hello!

 

I have a situation where on the primary SMS, that manages all the gateways, customer have also enabled Endpoint Management, now they want to split functions, I mean, they want the SMS just for managing the gateways and a dedicated Endpoint Management Server to manage the endpoints and policies.

I could not find any documentation that describes this scenario.

If I just take a migrate export from SMS and import on the new server, I'll have all the unused objects and policies imported too, that's what I would like to avoid.

Is there a way that I can split the endpoints database from the SMS and import on a new server?

Thanks.


Best Regards,
Hugo Thebas
0 Kudos
11 Replies
the_rock
Legend
Legend
‎2025-01-30 07:56 AM

Super valid question...maybe TAC would have process for it, but personally, Im not aware of any method to "split" the database.

Andy

0 Kudos
Amir_Senn
Employee
Employee
‎2025-01-30 07:57 AM

Hi,

Not an EP expert, but have one question - do you want to move it to a completely different environment or just another machine?

I wonder if adding another Check Point Host to your environment and defining it as EP server might do the trick.

Kind regards, Amir Senn
0 Kudos
hugothebas
Contributor
Contributor
‎2025-01-30 09:35 AM
In response to Amir_Senn

Hello, Amir, the perfect solution would be as you said, on a new machine attached to the same environment, but the documentation says that for a dedicated EPM Server, I need to follow the installation procedure for a "Primary SMS", if that's true, I don't see how I can add another primary SMS to the actual environment.

Thanks!


Best Regards,
Hugo Thebas
(1)
PhoneBoy
Admin
Admin
‎2025-01-30 08:23 AM

Suggest you consult with TAC for the correct procedure here.
As I recall, it depends on the client blades used.

0 Kudos
hugothebas
Contributor
Contributor
‎2025-01-30 09:38 AM
In response to PhoneBoy

Yes, I'm afraid I'll need to get in touch with TAC. I was avoiding it, because sometimes involving TAC requires much time. CheckMates would have been a faster solution.

Thanks anyway.


Best Regards,
Hugo Thebas
0 Kudos
the_rock
Legend
Legend
‎2025-01-30 09:42 AM
In response to hugothebas

I totally get what @Amir_Senn mentioned. Now, here is the issue you may encounter, in my humble opinion...so in your current situation, I bet option to uncheck endpoint is probably greyed out and not sure there is an easy way to do it. If there was, then you could indeed create another CP host and check endpoint option on that host.

Andy

0 Kudos
hugothebas
Contributor
Contributor
‎2025-01-31 01:29 PM
In response to the_rock

Hello @the_rock.

The problem here is that the "main" dedicated server needs to be a primary SMS, customer do have 2 more policy servers, but they can not be the main managers, and, of course, I can not have a second primary SMS on this environment.

Best Regards.


Best Regards,
Hugo Thebas
0 Kudos
the_rock
Legend
Legend
‎2025-01-31 05:24 PM
In response to hugothebas

I get it now. Not sure best process in that case...I would definitely check with TAC.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2025-01-31 03:07 AM
In response to hugothebas

I can only find SKs about migrating from SMS + EPSS to Harmony Cloud EPS using a special migration script downloaded from Infinity EPS portal. I would assume that involving TAC will not delay this much, as we do not have an issue here but only need a supported procedure for this task that should be available. I remember that this is possible, but not the migration steps used. You could also ask your local CP SE for help.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
hugothebas
Contributor
Contributor
‎2025-01-31 01:27 PM
In response to G_W_Albrecht

Hello @G_W_Albrecht, if could share the sk you mentioned, that may be helpful.

I have also engaged TAC on this (case 6-0004184653), but I don't think there is an available procedure for this task, because the engineer asked for a migrate export and said he would replicate it in lab (as an exception, I understood) and he will try to do it for me, but he told that these kind of things are usually done by Professional Services.

I did ask for help to my local SE, but he didn't help me either.

This TAC case is my last hope.

 

Thank you!


Best Regards,
Hugo Thebas
0 Kudos
G_W_Albrecht
Legend Legend
Legend
a month ago
In response to hugothebas

I do not think they might be, but: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

https://support.checkpoint.com/results/sk/sk179687

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events