Hello,

My doubt is basically because of the following:

The documentation shared, is clear, but there is a point in the SK, that mentions to download the Upgrade Tools package (I attach the image), and this is where my doubt appears, this step #2 I understand, that is "optional", right?

Our idea is to INSTALL FROM 0 a new VM in the ESXi, from GAIA OS in Standalone deployment, which will work in R81.10 version, and we just want to "import" the rules database, from the VM that is damaged (which works in R80.30, but we already have a Backup, that we managed to obtain with the migrate_server export).

So, this step #2, in our scenario, if it can be OMITTED?

Simply, it would be to have the GAIA OS R81.10, up, and import the R80.30 policy package, with the "migrate_server import", is that correct?

Thanks for your comments.

Thats it, just make sure you follow examples given in the sk.

Andy

Hi, Bro

In a standalone deployment environment, is it normal that when I try to generate the "export" of the team's policy database, the services are "stopped"?

Is it not possible to generate the export of the policy package, without affecting the equipment?

Cheers 🙂

Sadly, I dont think its possible. As IM sure you know already, when cpstop is issued, it will unload the policy, so I strongly recommend doing this after hours. See, thats huge downside in my mind about standalone setup...no separate management server, which is very inconvenient when you have to perform any such similar operation.

Andy

So, is it natural, then, that the process of "exporting" package policies, in the standalone environment, affects the customer's overall services?

But it is 100% that the equipment, when applying the CPSTOP, during the export process, when it returns to "lift", has generated me the BACKUP of the policy package?

Yes and yes. Again, that is HUGE downside of standalone, not having separate management server to do these things in the middle of the day.

Correct, it will get you the backup of the policy, but do it AFTER HOURS, as it will totally remove the policy package until its cpstarted again.

Andy

Hello,

I am having recurring problems when trying to export the policy package.

I keep getting the same error over and over again.

Am I applying the correct command for the export?

I already have CPUSE updated.
I am in the cd $FWDIR/scripts folder.
I apply the command: ./migrate_server export -v R81.10 /var/log/tmp/CPR81X.tgz (On my Standalone)

But the export stays at 3% and I get the following message in Putty.

Is this normal?

Am I applying the correct command in the "migrate_server export"?

That parameter, "-v R81.10" is correct? Or should it go there, "-v R80.30"?

My environment right now, is in R80.30.

Cheers 🙂

Just follow SK example bro. If issues, I would work with TAC.

How long does it take before you get that message?
I suspect the SSH session is timing out because the process is taking so long.
TAC may need to assist here also.

An alternative approach to using migrate_server is: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...

Unlike a migrate_server, this won’t require an outage on your existing gateway.
Unlike migrate_export, some rules and objects will have to be recreated (those without API support).