Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
VkLaq
Explorer

Migrate export/import from 80.10 to 80.40

I'm going through upgrade SM 80.10 (an old appliance)-80.40(ESXI virtual machine). I migrated the database from one server (80.10) to another (80.40) without errors. But I noticed that it didn't copy OS users. Is there a way to migrate from one server to another with Gaia users?

 

 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

The standard migrate export/import tools for Security Management do NOT migrate OS settings by design.
If it’s just the users you care about, do a “show configuration” on the R80.10 system and run the relevant lines on your R80.40 system.

0 Kudos
VkLaq
Explorer

Hi, thank you for your reply. Is there a not standard way that lets me migrate everything including users, licenses, etc? There are a lot of 80.10 that I have to update. And my boss is a little bit nervous that we can be left not only without users but something more. I have found a server migrate tool but only for 80.30. Is that it?

0 Kudos
(1)
PhoneBoy
Admin
Admin

Recommend reading the following SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

If you've modified any configuration file manually, you will need to re-apply those changes.
Simply copying the files from R80.10 may not be sufficient as there are significant differences.
Any manual changes should be documented as part of your disaster recovery plan and re-evaluated on each new release. 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @VkLaq,

Proceed the following steps to transfer the GAIA users:

1) R80.10 clish> save configuration config.txt
2) Delete all lines in config.txt (except those of the users).
3) R80.40 clish> load configuration config.txt

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
_Val_
Admin
Admin

Step 3 is incomplete. When loading configuration, you should declare a failure state to OS, to avoid errors when user data is being changed. This is the full procedure for step 3:

 

HostName> set clienv on-failure continue
HostName> load configuration <filename>
HostName> set clienv on-failure stop
HostName> save config

 

0 Kudos
VkLaq
Explorer

Thank you all for your replies. I've also noticed that I don't see licenses on the web. But I see them in cplic print output. Is it normal? And during migrate I saw messages that a lot of files were changed. Like implied rules file. Does it mean these files are different on 80.10 than on 80.40 or I have to copy changes to the new config file? It's an old appliance it's been working for many years. Is it safe to migrate without changes these files and later make these changes if anything is going wrong?

0 Kudos
Daniel_
Advisor

It's easier to just get the user relevant configuration:
show configuration user

(If you need "group" or "aaa" it's the same way)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events