This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jesus_Cano
Collaborator
‎2023-11-02 02:15 AM

Migrate SM410 to VM

Hello,
We have an SM-410 console that is saturated and we would like to migrate to a virtual environment. I have a series of doubts about the procedure and licensing:
1) Which method is better to backup the configuration, backup command or migrate_export? The version for SMS is R80.40.
2) Both methods would maintain the SIC with the gateways in the new console or it would have to be reinitialized.
3) In order to not touch the licenses. The most useful is to use the same IP as the old console in the new VM, right? If we changed the IP to be able to have both machines up without conflict. What would we need to do related to liceses?

Thanks

 

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-11-02 04:25 AM

migrate_server as different hardware is involved.

New Open Server license is required.

No need to change IPs unless you want to, you can build the VM with its NIC disconnected to avoid conflicts to begin with.

CCSM R77/R80/ELITE
0 Kudos
Jesus_Cano
Collaborator
‎2023-11-02 04:34 AM
In response to Chris_Atkinson

I though the only relation with the licenses was the SMS IP. We will contact sales team to confirm and acquire the license in case its needed.

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-11-02 05:02 AM
In response to Jesus_Cano

Unfortunately for Smart-1 the license is bound to the hardware.

CCSM R77/R80/ELITE
0 Kudos
Jesus_Cano
Collaborator
‎2023-11-02 06:59 AM
In response to Chris_Atkinson

migrate_server import would keep the SIC in the new SMS? or its needed to reinizializate the SIC after importing backup.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-11-02 07:42 AM
In response to Jesus_Cano

SIC keys survive a migrate_server and a migrate export/import (limited to the same version). All your firewalls will trust the management VM, though if you change IPs, they won't know about the new IP until you push policy to them. If the new VM has a different hostname from the old physical server, you will need to reset the certificate authority, which also wipes the SIC keys.

The licenses also survive this process. You will need a new open server management license to run the system legally. The existing management license should work well enough to let you test your migration process while waiting for an open server management license to be purchased. For example, you can set up a Windows VM with SmartConsole and confirm all your rules and objects made it to the management VM.

If you use central licensing for your firewalls, that will be tied to the management server's IP. If that IP changes, you will need to generate all of your firewall licenses again and reattach them. This can be disruptive. Not always, but can be. You can avoid any chance of disruption by generating a 30-day eval license for each firewall and applying it locally.

If you keep the same IP address and hostname, it's a really simple process.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top