Thank you PhoneBoy.  I take it I have to take the export from 80.30 using migrate_server?  What is the correct syntax for the export / import?  I see the examples but they seem to be for a MDS.  I don't have a multi domain environment.  I don't know if that makes a difference or not.

I found the migrate_server script in /opt/CPsuite-R80.30/fw1/scripts , but can't seem to get it to run

I have tried:

./migrate_server export /var/log/tmp/SMSexport

migrate_server export /var/log/tmp/SMSexport

Hey Mike,

Here is the best way to do it...once you download R80.40 upgrade tools and import them into R80.30 mgmt upgrade_tools dir (what I do is copy existing tools to say  a new folder called updated _upgrade_tools and then copy R80.40 tools in there, once done, run chmod 777 * and run  ./migrate export R80.30_export and once done, copy that  file to R80.40 server (to same dir $FWDIR/bin/upgrade_tools (maybe do chmod 777 * command as well) and then run ./migrate import R80.30_export (or whatever name you gave it) and that will import the config.

I had done this numerous times and never a problem. 

You shouldn’t be using the legacy migration tools to migrate from any release R80.20 or above.
They should only be used to migrate from an earlier release to releases up to and including R80.40.
They may still be present and may still work but you will have a better experience with the newer tools.

Thank you, I will keep that in mind. I used method I mentioned for R80.30 to R80.40 and it worked, but if this is newest method, will definitely execute those commands next time. 

Cheers!

Hi @the_rock,

Typical beginner issue.

Security bugs can be introduced when 777 permissions are granted. Linux lesson one, only grant permissions that are absolutely necessary.

You can also use 770 here.

I run that command by habit, never gave me problems 🙂

See: sk135172: Upgrade Tools package for upgrade from R80.20 and above and sk163814: Security Management Upgrade troubleshooting (new upgrade process)

Following the commands at the bottom of sk135172 the process just sits on Stopping Check Point services ...  I am over 30 minutes now.  Is it suppose to take this long?

[Expert@SMS-1:0]# $MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -v R80.30 /var/log/tmp/SMS1

The export operation will eventually stop all Check Point services (cpstop). Do you want to continue (yes/no) [n]? yes
Stopping Check Point services ...

It's not uncommon for that command to take a while to complete, especially in larger environments.

The correct syntax for migrate_server is listed in the SK I linked above.
It is different from the legacy migratIon tools.

The SK's show the syntax example as  $MDS_FWDIR/scripts/.....  I was able to make this work correctly using $FWDIR/scripts/migrate_server  instead.  I wish the SK had an example with $FWDIR as well.

When on 80.40 is it acceptable to use the old style migrate export to have a backup of my policy to use if I ever needed to rebuild my SMS and then import to 80.40 (no version change)?

On a non-MDS system, $MDS_FWDIR should equal the same thing as $FWDIR (just FYI).
I'm not clear on the precise status of the old migration tools in terms of support.
That said, it seems safe to export/import on the same version, but I would test it before relying on it. 
The resulting export from migrate_export should be smaller.

Thank you for the information.  The scenario I am proposing using the old migrate export would be if I am NOT migrating to a different version and I simply want a backup file of my policy.  Migrate export seems to be a lot faster and doesn't require a cpstop / cpstart.  I agree moving between versions migrate_server is the better option.

I can only speak for myself, but I used migrate export and import regardless of the version and never had a problem at all and it was always super fast.

migrate export requires a cpstop/cpstart.

I agree, but personally, I never found that to be a show stopper 🙂