Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
GuilletB
Participant
Jump to solution

Move Policy Manager from physical appliance to VM

Morning, 

I will need some support to move my Policy Manager actually under a physical Appliance to a VM.

My trouble is :

For the moment my physical Appliances are used for Policy manager/log/endpoint server (HA), I would to keep under those Appliances LOG and Endpoint Server and keep the actual IP.

and move only Policy manager Role under a new VM with new IP.

 

My Understanding is :

Install new policy manager Under my vm 

export/import database under new vm

link all the Gateways to the new Policy manager ip

probably need to change all licences as they have a new ip for the PM.

 

But

How can is say to the gateways that the log server is Under a different IP.

and most important part should I rebuild completly my pysical Appliances (log/enpoint)or can I just remove PM role? 

 

Attached a drawing to explain probably better what I would like to do.

Many thanks for your support.

Ben.

 

1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion

Hi @GuilletB,

Old SMS R80.10 or R80.30?

Migration from old to new server (with update to R80.30) and use the same IP on the new SMS.

1) Download R80.30 migration tools.

2) Copy the tool via winscp to your old server.

3) Extract the migration tool to a folder:

# tar xzvf migration...

4) Start migrate export.

# ./migrate export /var/log/migrate_file

New SMS R80.30

5) Copy migrate_file.tgz via winscp to your new R80.30 server to folder /var/log/migrate_file.tgz

6) Now change to folder:

# cd $FWDIR/bin/upgrade_tools

7) Now start migrate import:

# ./migrate import /var/log/migrate_file.tgz

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
After export/import, make the necessary configuration changes to support your new management server.
That includes relicensing.
If the current management server is a Check Point Appliance, you need to acquire Open Server management licenses as licenses for Check Point appliances are not transferable to VMs.
When you push policy to the gateways from the new management server, the gateways should log where they are configured to log per your new management server.
HeikoAnkenbrand
Champion Champion
Champion

Hi @GuilletB,

Old SMS R80.10 or R80.30?

Migration from old to new server (with update to R80.30) and use the same IP on the new SMS.

1) Download R80.30 migration tools.

2) Copy the tool via winscp to your old server.

3) Extract the migration tool to a folder:

# tar xzvf migration...

4) Start migrate export.

# ./migrate export /var/log/migrate_file

New SMS R80.30

5) Copy migrate_file.tgz via winscp to your new R80.30 server to folder /var/log/migrate_file.tgz

6) Now change to folder:

# cd $FWDIR/bin/upgrade_tools

7) Now start migrate import:

# ./migrate import /var/log/migrate_file.tgz

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events