This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
IKRAMWARFOU
Explorer
‎2025-04-24 07:48 AM
Jump to solution

Migrating Database from an R81.20 Standalone cluster (HA) to an R81.20 dedicated Management Server

Hello Community,

I'm currently working on migrating my standalone 5200 cluster appliance to a distributed 9100 cluster setup with a dedicated Security Management Server. I've followed all the procedures provided by Check Point, including sk179444, but haven't had any success.

The main issue arises when attempting to import the exported database from the standalone cluster — I receive an error stating that it's not possible to import a database from a standalone deployment into a dedicated Management Server.

Has anyone encountered this issue and successfully completed the migration? Any advice or alternative solutions would be greatly appreciated.

0 Kudos
2 Solutions

Accepted Solutions
Martijn
Advisor
Advisor
‎2025-04-25 06:30 AM
Jump to solution

Hi,

If you are building a new setup with a new SmartCenter and cluster based on 9100 appliances, you can look at the export/import policy script:

https://github.com/CheckPointSW/ExportImportPolicyPackage

This is a great tool for building a new setup, but you need the current policy packages.

There are some things you need to keep in mind.

- It only exports the policy packages and objects. So configurations in configurations files (table.def, user.def, ect) are gone.
- Bacause the database is not exported, you loose pre-shared keys from VPN configurations. You need to create the VPN's again.
- All settings, parameters and timers configured in SmartConsole are lost. You have to configure them again.

If you accept all of this, you can use the script as a alternative way for your migration.

Regards,
Martijn

View solution in original post

PhoneBoy
Admin
Admin
‎2025-04-25 06:34 AM
Jump to solution

You cannot migrate a Full HA cluster to a distributed setup using the standard migration tools.
You can use the following, though it will require some manual steps: https://support.checkpoint.com/results/sk/sk180923

View solution in original post

0 Kudos
5 Replies
the_rock
MVP Gold
MVP Gold
‎2025-04-24 06:12 PM
Jump to solution

Is the section below what you followed?

Andy

Migration Procedure from a Standalone environment to a Distributed environment - separate Security Management Server and Security Gateway

0 Kudos
IKRAMWARFOU
Explorer
‎2025-04-25 05:35 AM
In response to the_rock
Jump to solution

Yes, this is the section i followed.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-25 02:49 PM
In response to IKRAMWARFOU
Jump to solution

Im fairly sure what @PhoneBoy and @Martijn said is 100% right. I recall seeing about it in the past from a different post.

Andy

0 Kudos
Martijn
Advisor
Advisor
‎2025-04-25 06:30 AM
Jump to solution

Hi,

If you are building a new setup with a new SmartCenter and cluster based on 9100 appliances, you can look at the export/import policy script:

https://github.com/CheckPointSW/ExportImportPolicyPackage

This is a great tool for building a new setup, but you need the current policy packages.

There are some things you need to keep in mind.

- It only exports the policy packages and objects. So configurations in configurations files (table.def, user.def, ect) are gone.
- Bacause the database is not exported, you loose pre-shared keys from VPN configurations. You need to create the VPN's again.
- All settings, parameters and timers configured in SmartConsole are lost. You have to configure them again.

If you accept all of this, you can use the script as a alternative way for your migration.

Regards,
Martijn

PhoneBoy
Admin
Admin
‎2025-04-25 06:34 AM
Jump to solution

You cannot migrate a Full HA cluster to a distributed setup using the standard migration tools.
You can use the following, though it will require some manual steps: https://support.checkpoint.com/results/sk/sk180923

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events