- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hello guys,
I would like to test how migration works if I want to migrate all CMAs inside R77.30 MDS to the R80.20 MDS.
I have working R77.30 MDS with around 5 CMAs (clusters + VSXs).
It is possible to run R80.20 Check Point Pre-Upgrade Verifier tool from R77.30 MDS level ? I mean, to verify all CMAs at once to check if I have any errors and/or warnings.
The syntax of PUV is as follows:
[Expert@MDS:0]# ./pre_upgrade_verifier
This is Check Point Pre-Upgrade Verifier for version R80.20.
Usage: pre_upgrade_verifier -p SecurityManagementPath -c CurrentVersion -t TargetVersion [-u | -a][-f FileName] [-w]
Or: pre_upgrade_verifier -p SecurityManagementPath -c CurrentVersion -i [-f FileName] [-w]
-p Path of the installed Security Management Server (FWDIR).
-c Currently installed version.
-t Target version.
-i Check originality of Inspect files only.
-u Perform plug-in related checks.
-a Skip main train version checks, perform plug-in related checks only.
-f Output in file.
-w Web format file.
I have used "-p" argument to choose exact CMA path. There is no way how to say R80.20 PUV that I would like to run it for all CMAs found on R77.30 MDS ?
Once all R77.30 CMAs are "green" based on R80.20 PUV, what is the correct way to move all R77.30 CMAs to the new R80.20 MDS ? Using "migrate export" I can export only 1 CMA, or ?
Check Point has so many tools available (migrate, upgade, mds_backup, cma_migrate) for specific scenarios that I am confused which one is for what purpose...
Thanks for every comment.
You meant to mds_export and mds-import 
it is part of the upgrade guide Upgrading one Multi-Domain Server
This one : Upgrading one Multi-Domain Server with Advanced Upgrade
You can use cpuse to verify it 
To do the upgrade, I will recommend to collect backup on a remote site and to upgrade all at once.
In order to use pre_upgrade_verifier , I think that is should be done as follow: please check if this R80.20
extract the migrate_tool , chmod 777 * OR chmod +x pre_upgrade_verifier
source $MDS_CPDIR/tmp/.CPprofile.sh
source $MDS_SYSTEM/shared/bin_definitions.sh
TMOUT=0 ; export TMOUT
COLUMNS=256 ; export COLUMNS
#For MDMS (CMAs)
for CMA in $($MDSVERUTIL AllCMAs | sort ); do
mdsenv "$CMA"
mcd tmp
/home/admin/migrate_tool/pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
done
# for MDM (MDS)
mdsenv
mcd tmp
/home/admin/migrate_tool/pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
Nice idea to create script to check all CMAs 
Just want to mention that I dont want to upgrade MDS. I have one R77.30 MDS and I would like to move all R77.30 CMAs to the freshly installed R80.20 MDS.
I will try "mds_backup" on R77.30 and "mds_restore" on R80.20, but I am almost 100% sure it will fail because the version is not the same...
You meant to mds_export and mds-import 
it is part of the upgrade guide Upgrading one Multi-Domain Server
This one : Upgrading one Multi-Domain Server with Advanced Upgrade
Exactly what I was looking for 
I will check it and do accordingly.
Thank you very much !
A couple of additional resources:
Migrating from R77.30 to R80.10 Using Advanced Upgrade Procedure
MDS R77.30 to R80.10 Upgrade Recommendations
is there an easy way to upgrade large-scale environments to R80.10?
https://community.checkpoint.com/message/17497-re-r8010-mdm-import
They are about R80.10, but most notes and recommendations would be helpful for you with R80.20, I think.
In facf all the steps for R80.20 are provided in link mentioned by ofirsea040d26-f1f2-3b12-9fc6-5c89debaf56c:
Installation and Upgrade Guide R80.20
To sum it up:
 
 The script "mds_setup" will check all created CMAs for possible errors and warning, including Global Policy.
Here is report from R80.20 mds_import.sh tool:
Summary of Upgrade operation:
=====================================================================
Import operation started at: Fri Sep 28 21:51:45 CEST 2018
Multi-Domain Server databases - Success
Import operation for Multi-Domain Server finished at: Fri Sep 28 22:16:04 CEST 2018
Domain Management Server cma_VPN database - Success
Import operation for cma_VPN finished at: Fri Sep 28 22:24:34 CEST 2018
Domain Management Server cma_test database - Success
Import operation for cma_test finished at: Fri Sep 28 22:33:16 CEST 2018
Domain Management Server cma_VSX database - Success
Import operation for cma_VSX finished at: Fri Sep 28 22:42:02 CEST 2018
Domain Management Server cma_imported database - Success
Import operation for cma_imported finished at: Fri Sep 28 23:57:47 CEST 2018=====================================================================
--------------------------------------------------------------------------------
Import operation ended successfully.
The Multi-Domain Server can be started now.
Please note that first startup takes considerably longer than subsequent starts.
--------------------------------------------------------------------------------
DONE.
Well, the migration from R77.30 MDS to R80.20 MDS went smoothly (relatively).
At the moment, I have problem that after migration I cannot login into R80.20 SmartConsole, because following error:

API is also not working, because:
[Expert@MDS_R8020:0]# api status
API Settings:
---------------------
Accessibility: Require ip 127.0.0.1
Automatic Start: EnabledProcesses:
Name State PID More Information
-------------------------------------------------
API Started 23177
CPM Started 6839 Check Point Security Management Server is running and ready
FWM Started 17075
APACHE Started 4964Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443
--------------------------------------------
Overall API Status: Started
--------------------------------------------API readiness test FAILED. The server is down and unable to receive connections!
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
Once I want to add new Administrator from "mdsconfig", it shows that "Authentication to Server 127.0.0.1 failed.".
It is worth to mention, that my R77.30 MDS has leading IP address 192.168.135.10, but my R80.20 has 192.168.135.99.
During migration process, I was asked to change IP:
Multi-Domain Server IP address is 192.168.135.10 while your machines IP is 192.168.135.99.
Would you like to change your Multi-Domain Server IP address to 192.168.135.99 [yes/no] ? yes
Not sure if this can be somehow related ... I can do fresh install on R80.20 and configure it to use the same IP as my R77.30 MDS.
I'm using the same IP on my MDM.
Might be interesting to check How to change the IP address of a Multi Domain Management Server
Also, did you check if there is a license issue? # mdsenv ; cplic print
OK, I did test and I have created new R80.20 MDS with the same hostname, the same IP address.
After FTW on R80.20 MDS I didnt put licenses.
Once migration was completed, I see that I have licenses from migrated R77.30 MDS and all is working correctly from now on.
During my first try I have put eval licenses on R80.20 MDS. After migration has been completed, I have removed the old licenses with wrong IP addresses. There were 2 lics assigned to IP 192.168.135.10 and 2 lics assigned to 192.168.135.99.
I will validate it further.
Hi ofirsea040d26-f1f2-3b12-9fc6-5c89debaf56c,
The original issue with "Authentication to Server 127.0.0.1 failed." was solved by How to change the IP address of a Multi Domain Management Server .
It may be also related to the fact that I have MDS HA available and Primary MDS has IP 192.168.135.10 and Secondary MDS has IP 192.168.135.99. I did migration from 192.168.135.10 to .99, which might cause some troubles, because at the moment I have both MDSs with the same IP 
Anyway, you helped a lot and I would like to thank you !
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 22 | |
| 16 | |
| 6 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | 
Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewWed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY