This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
johnnyringo
Advisor
‎2022-07-26 03:52 PM

Migrating existing clusters to different management server (R80.30)

Last year I'd brought up a pair of R80.30 clusters with a temporary R80.30 management server.  

I'm now ready to migrate over to a permanent R80.30 management server, which was built by a co-worker.  Currently, this is my plan to migrate to the new management server.

  1. Reset SIC on the gateways, create them in SmartConsole as if they were new clusters
  2. Re-enter all settings and IP addresses
  3. Re-create policy manually, install policy

This seems very manual and error-prone.  Is there a way to easily migrate, such as export/import or snapshot operations?   The policy isn't huge (only 25 rules or so) but I'd like to do anything possible to cut down the chance of an error.  

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-07-26 04:23 PM

Is the new Management server fresh or does it have other gateways attached?

Depending on the details you can migrate the database:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Gui...

CCSM R77/R80/ELITE
0 Kudos
johnnyringo
Advisor
‎2022-07-26 04:28 PM
In response to Chris_Atkinson

The new management server already has a couple gateways attached.

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-07-26 04:34 PM
In response to johnnyringo

If there are already gateways attached the process to merge them will be more manual and though there are some phython scripts that leverage the API that can help to a point. It might be helpful to enlist assistance from a partner or PS who have done this before.

Refer: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...

Note also that support for R80.30 ends in September and you should consider upgrading. 

CCSM R77/R80/ELITE
0 Kudos
johnnyringo
Advisor
‎2022-07-26 04:42 PM
In response to Chris_Atkinson

OK, well given the policy is only 25 lines and can be re-entered within a couple hours, I'll probably just opt for the manual approach.  

And yes, I realize R80.30 is being phased out.  We just completed the migration off R77 less than 18 months ago, so...ummm..yeah....

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-07-26 08:15 PM
In response to johnnyringo

 

For awareness if/when resetting SIC:

sk86521: Reset SIC without restarting the firewall process

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events