Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
IKRAMWARFOU
Explorer
Jump to solution

Migrating Database from an R81.20 Standalone cluster (HA) to an R81.20 dedicated Management Server

Hello Community,

I'm currently working on migrating my standalone 5200 cluster appliance to a distributed 9100 cluster setup with a dedicated Security Management Server. I've followed all the procedures provided by Check Point, including sk179444, but haven't had any success.

The main issue arises when attempting to import the exported database from the standalone cluster — I receive an error stating that it's not possible to import a database from a standalone deployment into a dedicated Management Server.

Has anyone encountered this issue and successfully completed the migration? Any advice or alternative solutions would be greatly appreciated.

0 Kudos
2 Solutions

Accepted Solutions
Martijn
Advisor
Advisor

Hi,

If you are building a new setup with a new SmartCenter and cluster based on 9100 appliances, you can look at the export/import policy script:

https://github.com/CheckPointSW/ExportImportPolicyPackage

This is a great tool for building a new setup, but you need the current policy packages.

There are some things you need to keep in mind.

- It only exports the policy packages and objects. So configurations in configurations files (table.def, user.def, ect) are gone.
- Bacause the database is not exported, you loose pre-shared keys from VPN configurations. You need to create the VPN's again.
- All settings, parameters and timers configured in SmartConsole are lost. You have to configure them again.

If you accept all of this, you can use the script as a alternative way for your migration.

Regards,
Martijn

View solution in original post

PhoneBoy
Admin
Admin

You cannot migrate a Full HA cluster to a distributed setup using the standard migration tools.
You can use the following, though it will require some manual steps: https://support.checkpoint.com/results/sk/sk180923

View solution in original post

0 Kudos
5 Replies
the_rock
MVP Gold
MVP Gold

Is the section below what you followed?

Andy

Migration Procedure from a Standalone environment to a Distributed environment - separate Security Management Server and Security Gateway

0 Kudos
IKRAMWARFOU
Explorer

Yes, this is the section i followed.

0 Kudos
the_rock
MVP Gold
MVP Gold

Im fairly sure what @PhoneBoy and @Martijn said is 100% right. I recall seeing about it in the past from a different post.

Andy

0 Kudos
Martijn
Advisor
Advisor

Hi,

If you are building a new setup with a new SmartCenter and cluster based on 9100 appliances, you can look at the export/import policy script:

https://github.com/CheckPointSW/ExportImportPolicyPackage

This is a great tool for building a new setup, but you need the current policy packages.

There are some things you need to keep in mind.

- It only exports the policy packages and objects. So configurations in configurations files (table.def, user.def, ect) are gone.
- Bacause the database is not exported, you loose pre-shared keys from VPN configurations. You need to create the VPN's again.
- All settings, parameters and timers configured in SmartConsole are lost. You have to configure them again.

If you accept all of this, you can use the script as a alternative way for your migration.

Regards,
Martijn

PhoneBoy
Admin
Admin

You cannot migrate a Full HA cluster to a distributed setup using the standard migration tools.
You can use the following, though it will require some manual steps: https://support.checkpoint.com/results/sk/sk180923

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events