- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: Move S1C to On-prem
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Move S1C to On-prem
Hello guy!
As the user experience with S1C we decided to move from cloud to on-prem. I have 2 gateway run as clusterxl. Currently SIC version R82 and the new mgmt run R81.20 latest HF.
May I know the best practices for preparation during move gw to new mgmt?
Note: The new mgmt setup completely with import database from SIC and object and policies was synced.
Regard,
- Labels:
-
Integrations
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
The success migration step with below detail:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
To be sure syc is already active between new onprem mgmt and all gateways? If you have done import and policies are in place you are good to go. Did you already installed policy with new mgmt?
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Lesley ,
Install policy from new mgmt not yet do, due to gateway connected to SIC through tunnel interfaces.
Regard,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I assume the on-prem SmartCenter has a new IP?
When you import the database, SIC is already OK. But gateways have the old IP-address in the database.
- On old SmartCenter, create a dummy object for the new SmartCenter IP.
- On old SmartCenter, include the dummy object in rules between SmartCenter and gateways
- On old SmartCenter, push policy to gateways.
- Traffic between gateways and new SmartCenter IP is allowed now.
- On the new SmartCenter, make sure traffic between new SmartCenter IP and gateways is allowed.
- On the new SmartCenter push policy.
You can also follow sk86521- How to reset SIC without restarting the Check Point services
But make sure traffic between new SmartCenter IP and gateways is allowed by adding a dummy object.
Good luck.
Martijn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why not contact TAC ? They could give you hints and be prepared for RAS during the maintenance window when switching over to resolve any unforseen issues !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We're thinking of going the other way: prem -> cloud for logging and management (10 gw clusters). Can you expand on the reasons why you're going back to prem? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi mate,
The main reason's latency and user experience. cloud is a bit slow then on-prem.
Regard, thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found and this is just my personal opinion, back in 2020, when I initially started working with S1C, it was not that great, I will admit. But now, I find its great and has gotten way better since then. All customers are already upgraded to R82 version in the cloud and I find the portal is actually even more responsive than before.
Again, my honest feedback about it.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes, obsoletely R82 better then oldest for SIC. but it's customer choice.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think the fact you can make rulebase change from literally any computer with Internet access from anywhere in the world, is a biggest advantage, in my opinion.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
The success migration step with below detail:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Awesome job!
