- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Migrate 4400 R80.10 to 5900/6100 R80.10
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Migrate 4400 R80.10 to 5900/6100 R80.10
Hi there,
I am currently scoping out the timings and requirements and basic process for the migration from a 4400 appliance to a replacement device (either 5900 or 6100, pending exec decision) and would like to know if this is something anyone has prepared already, or could provide any guidance on gotcha's or specific things to watch out for when working through it?
Also, for anyone that may have done this before, what kind of timeframe did you allow for the migration (both live and outage if possible)?
2 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To be honest, the amount of time migrating from one type of appliance to another doesn't vary too much based on the appliance type. If you're dealing with VSX or one of the Scalable Platforms, that could make things more complicated.
One factor to consider is: how much downtime is allowable. If you want to minimize it, then you'll probably want to temporarily enable the "Allow Out of State" Global Properties for TCP and UDP traffic so that in-process connections don't get dropped by the firewall (enable 24 hours before, disable 24 hours after). If you can take an outage, then you don't need to do this, but obviously connections will drop.
The more prep work you can do beforehand in terms of staging, the better, of course.
One factor to consider is: how much downtime is allowable. If you want to minimize it, then you'll probably want to temporarily enable the "Allow Out of State" Global Properties for TCP and UDP traffic so that in-process connections don't get dropped by the firewall (enable 24 hours before, disable 24 hours after). If you can take an outage, then you don't need to do this, but obviously connections will drop.
The more prep work you can do beforehand in terms of staging, the better, of course.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this an all in one Management and Gateway?
