This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GuilletB
Participant
‎2020-04-10 12:28 AM
Jump to solution

Move Policy Manager from physical appliance to VM

Morning, 

I will need some support to move my Policy Manager actually under a physical Appliance to a VM.

My trouble is :

For the moment my physical Appliances are used for Policy manager/log/endpoint server (HA), I would to keep under those Appliances LOG and Endpoint Server and keep the actual IP.

and move only Policy manager Role under a new VM with new IP.

 

My Understanding is :

Install new policy manager Under my vm 

export/import database under new vm

link all the Gateways to the new Policy manager ip

probably need to change all licences as they have a new ip for the PM.

 

But

How can is say to the gateways that the log server is Under a different IP.

and most important part should I rebuild completly my pysical Appliances (log/enpoint)or can I just remove PM role? 

 

Attached a drawing to explain probably better what I would like to do.

Many thanks for your support.

Ben.

 

futur1.pdf
Preview file
98 KB
actual1.pdf
Preview file
88 KB
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-04-11 01:40 PM
Jump to solution

Hi @GuilletB,

Old SMS R80.10 or R80.30?

Migration from old to new server (with update to R80.30) and use the same IP on the new SMS.

1) Download R80.30 migration tools.

2) Copy the tool via winscp to your old server.

3) Extract the migration tool to a folder:

# tar xzvf migration...

4) Start migrate export.

# ./migrate export /var/log/migrate_file

New SMS R80.30

5) Copy migrate_file.tgz via winscp to your new R80.30 server to folder /var/log/migrate_file.tgz

6) Now change to folder:

# cd $FWDIR/bin/upgrade_tools

7) Now start migrate import:

# ./migrate import /var/log/migrate_file.tgz

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
‎2020-04-10 09:15 PM
Jump to solution

After export/import, make the necessary configuration changes to support your new management server.
That includes relicensing.
If the current management server is a Check Point Appliance, you need to acquire Open Server management licenses as licenses for Check Point appliances are not transferable to VMs.
When you push policy to the gateways from the new management server, the gateways should log where they are configured to log per your new management server.
HeikoAnkenbrand
Champion Champion
Champion
‎2020-04-11 01:40 PM
Jump to solution

Hi @GuilletB,

Old SMS R80.10 or R80.30?

Migration from old to new server (with update to R80.30) and use the same IP on the new SMS.

1) Download R80.30 migration tools.

2) Copy the tool via winscp to your old server.

3) Extract the migration tool to a folder:

# tar xzvf migration...

4) Start migrate export.

# ./migrate export /var/log/migrate_file

New SMS R80.30

5) Copy migrate_file.tgz via winscp to your new R80.30 server to folder /var/log/migrate_file.tgz

6) Now change to folder:

# cd $FWDIR/bin/upgrade_tools

7) Now start migrate import:

# ./migrate import /var/log/migrate_file.tgz

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top