Hi All,
We have two management servers (SMS) and we would like to integrate both into one. The management server that needs to be migrated to the centralized management server has only one policy with a single cluster gateway. The other centralized management server has multiple policies. The centralized management server is reachable only via a routed network over MPLS; the current one is local (same datacenter). The version we use is R80.40 for both the old and new management server (at least that is the idea, to have similar versions).
I was thinking about how to migrate this with the least possible impact, using the following steps:
- First, ensure that the ports are open for two-way communication between the new management server and the gateway:
  https://community.checkpoint.com/t5/Security-Gateways/R81-x-Ports-Used-for-Communication-by-Various-...
  18191, 18192, 18211, 256, 18210, 18202, 18183, 18208
- Create the security gateway objects on the new centralized management server
- Create the security policy manually (it is not big so that would be feasible)
- Then, in a maintenance window, perform a SIC reset on the standby gateway cluster using sk65764
- Establish SIC from the new management server to the standby gateway
- Verify using sk103356 whether the ICAip registry reflects the new management server IP address
- Install policy from the new management server to the standby gateway
- Perform failover to the standby gateway to verify if everything is fine
- Then perform the same for the other gateway
Would this procedure work if both the hostname and the IP address change, establishing SIC to the new management server after manually migrating and installing a security policy to it?
Is it possible to do this per gateway, so first the standby and then the other gateway, to minimize the downtime?
Any remarks and recommendations would be highly appreciated.
Marvin
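
An added example, not part of the original post: a pre-change reachability check for the ports listed above, meant to be run in each direction across the MPLS path (from the new management server toward a gateway address, and from a gateway toward the new management server). It assumes `bash` and `timeout` are available on the host it runs on; the function names are made up for this sketch.

```bash
#!/usr/bin/env bash
# Added example. The port list is copied from the post; the target is whatever
# address you pass as $1 (nothing is probed unless you pass one).
PORTS="18191,18192,18211,256,18210,18202,18183,18208"

# Map the exit status of one connect attempt to a state.
#   0   -> open:     TCP handshake completed
#   124 -> filtered: timeout(1) gave up, no answer came back (typically a
#                    silent drop somewhere on the path)
#   127 -> error:    timeout or bash was not found on this host
#   *   -> refused:  the attempt failed quickly, e.g. a reset because nothing
#                    listens on that port at this end (an unresolvable
#                    hostname also lands here, so prefer an IP address)
classify() {
  case "$1" in
    0) echo open ;;
    124) echo filtered ;;
    127) echo error ;;
    *) echo refused ;;
  esac
}

# probe HOST PORT [SECONDS]: a single TCP connect through bash's /dev/tcp.
probe() {
  rc=0
  timeout "${3:-3}" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null || rc=$?
  classify "$rc"
}

# check_all HOST: probe every listed port and print one line per port.
# Returns non-zero if any port was filtered, since that is the state that
# points at the network path rather than at a missing listener.
check_all() {
  filtered=0
  for port in $(echo "$PORTS" | tr ',' ' '); do
    state=$(probe "$1" "$port")
    printf '%-6s %s\n' "$port" "$state"
    if [ "$state" = filtered ]; then filtered=1; fi
  done
  return "$filtered"
}

if [ -n "${1:-}" ]; then check_all "$1"; fi
```

Not every listed service listens on both the management server and the gateway, so a `refused` result in one direction is not by itself a path problem; `filtered` is the result to chase with the network team before the maintenance window.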