Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Teddy_Brewski
Contributor

Maintenance of Management server

Jump to solution

Hello,

R77.30 Management server running on VMware ESX managing two R77.30 clusters.  I need to migrate the management server to a different data center with the estimated downtime around 2 hours + the MAC address will most probably change.

Assuming that no other changes are expected (the server name and IP remain intact) is there anything else I should be worried about prior to the migration (like SIC expiration for example?)?

Thank you.

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion

Teddy, if you do have VPN's based on certificates, make sure to push the policy before you begin. The actual timeout for those certificates is more that 3 days, so there should be no problem at all in leaving the gateways alone, without management, for more that a day. Been there, done that.

Regards, Maarten

View solution in original post

0 Kudos
5 Replies
Danny
Champion
Champion

If your VPNs are certificate based they could expire during the migration.

0 Kudos
Maarten_Sjouw
Champion
Champion

Teddy, if you do have VPN's based on certificates, make sure to push the policy before you begin. The actual timeout for those certificates is more that 3 days, so there should be no problem at all in leaving the gateways alone, without management, for more that a day. Been there, done that.

Regards, Maarten

View solution in original post

0 Kudos
Boris_Karnaukh
Participant

You would need to allow CheckPoint services from new SmartCenter IP before you do actual move.

In practice you can set up a new SmartCenter in new location and import there configuration well before you shut down your old SmartCenter. If you will be able to monitor your firewalls from new location you should be able to push policy as well.

0 Kudos
Danny
Champion
Champion

Teddy wrote that the IP remains intact.

0 Kudos
Alessandro_Marr
Advisor

Install a new SMS on other DataCenter and copy the logs from the old SMS, when you shutdown your old SMS change the IP of new SMS and check your connectivity from cluster of security gateway to new SMS. if necessary reset sync.

0 Kudos