- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi all,
I am planning on migrating from a Smart-1 77.30 HA SMS to a Virtual 77.30 SMS with a new IP and ideally new hostname. The gateways managed by the smart-1 SMS perform site-to-site vpns and remote access vpns with the checkpoint client. Also, checkpoint utm edge servers and smb devices are managed by the Smart-1 SMS; these devices are also configured with site-to-site VPNs. I have seen other articles that explain that you need to retain the same IP on the new manager, perform configuration changes e.g. licensing, firewall rules, migrate-import, then you can use the new IP. A couple of questions. How do I connect to the new Virtual SMS with the old IP to make those changes when it is not routable to that part of the network? Second what is the correct procedure to perform this migration? Also what would be the rollback?
Thanks for your help.
Thank you for your response. So that I understand correctly when I migrate import on the new manager it will start using the management IP of the old manager. At that point, the only way I would be able to access the new manager is through the console; since it is a VM and in a different part of the network. In that case, I would have to change the management IP back to the new IP from the cli. Then connect using smartdashboard and change to the new ip on the management object. Finally, push policy to the gateways. Does that sound about right?
If you are already in the process of migrating, why do so to a new 77.30?
It is scheduled to be out of support in a few months. Go to R80.30 not to waste the effort.
Good Point Vladimir. Does R80.30 support R77.30 gateways and UTM Edge gateways? We are managing UTM Edge gateways through smart provisioning.
@PhoneBoy @Vladimir Per the upgrade guide of R80.20 and R80.30... "Important:
The IP addresses of the source and target R80.30 Security Management Servers must be the same. If you need to have a different IP address on the R80.30 Security Management Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451."
Does this mean I can follow the same steps PhoneBoy suggested for R80.20 and R80.30? Does "Upgrade procedure" mean after the migrate import or the install database from the upgrade guide?
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY