jimmyoban3
Explorer

Moving Gateway to New Management and Importing Old Ruleset

Hi,

I have a Check Point manager (R80.20) and need to manage one of our older firewalls (R77.30).

The manager this old checkpoint had is in a bad way. 

Is there any way I can set a new SIC on the old firewall, manage it in the new GAIA manager and then import the existing rules so as not to lose them?

 

thanks 

0 Kudos
3 Replies
PhoneBoy
Admin
Changing the SIC is easy enough.
Importing the old ruleset is not possible, except possibly with the help of Check Point Professional Services.
You can look around in $FWDIR/state and find some of the details necessary to reconstruct said policy.
There is no easy import tool that I'm aware of.
0 Kudos
jimmyoban3
Explorer

Thanks - what if I can get on the old manager? Is there a way to export a policy from that one and import into new manager before changing SIC over?

 

thanks 

0 Kudos
PhoneBoy
Admin

If you can get to the old manager, then yes, there are ways to pull the configuration off.
The problem is that it's kind of an "all or nothing" proposition and there may be other configuration on that management server that you might not want.
Also there isn't really a way to "merge" management domains.
What I would do is something like:

  1. migrate export the configuration using the migration tools from whatever R80.x version will be your target.
  2. Build a new R80.x manager as a VM and migrate import the R77.x configuration.
  3. Remove the unnecessary configuration in SmartConsole (e.g. rulesets, objects, etc).
  4. Use this tool to export the remaining configuration and import into your target management: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...
