This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GABRIEL_MUMBOBI
Participant
‎2018-10-10 08:23 AM

Move security gateways from different separated sms to an existing remote mds

Hello folks there,

i have tracked the forum hoping to find answer to my needs by i could not find any topic related to my concern.

may be one can help. My project :

I'm responsible of a project which purpose is to migrate the management of 21 security gateways managed locally to a centralized location within a an existing mds environment.  All different sites (in diferent contries) are connected trough site-to-site VPN to the ecntralized sites were is located the mds.

Current architecture :

8 sites within the same VPN community with their firewall already remotely managed in the same domain server within the mds.

we are planning to move the management of 21 security gateways  located in four different remote sites to this existing domain server.  Each of these sites is connected to the central by site-to-site VPN.

Site A:

A cluster of two security gateways localy managed by a manager hosted by one of  them. 

Version  R77.30

Site B :

2 clusters of two gateways each and two other standalone gateways (FW version R77.30 and R80.10), both locally managed by by a sms under R80.10

Site C :

A clusters of two  firewalls with four other standalone firewall, both under 77.30 and managed by a sms under R80.10 version.

My change plan is to recreate manually objects and policy to the remote domain server (using public IP adresses for connectivity) and establish SIC, Reconfigure VPNs sincthere are  different other VPN configured on each sites. 

For the site A i will additionally rebuild the  cluster memeber that host the management to be a simple security gateway.

In all casesone member should be move first to avoid a long downtime

My concern is :   Is there another way to move this management to a centralized environment ?

I will appreciate your help

 your

5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-10-11 01:21 AM

I find it a good idea to re-create all rules and objects in the new MDS. The alternative way is migrate export / import, see sk32506 upgrade_export command support on CMA for details.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
GABRIEL_MUMBOBI
Participant
‎2018-10-12 12:43 AM
In response to G_W_Albrecht

Hi Günther,

thanks a lot for your comment. The SK32506 is not helpfull for since i will not move the management server to the remote MDS, only gateways will be managed by existing domain server in the remote MDS.

I could not find any topic related to my situation.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-12 02:40 AM
In response to GABRIEL_MUMBOBI

But you asked: Is there another way to move this management to a centralized environment ? Nad now you tell me that you will not move the management server to the remote MDS.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
GABRIEL_MUMBOBI
Participant
‎2018-10-12 03:19 AM
In response to G_W_Albrecht

My apologize. I wouldn't mean moving the management server, but moving these gateways to the management server in the mds. As I stated above, this server is already managing 12 other remote gateways.  My concernn is to know whether is there any other way to export policy and objects to the remote server than just manually creating each of object and single rule. In one of local manager I have more than thousend objects. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-10-13 02:25 AM

You've got a couple different issues here.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top