Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
It partially depends on which IP is assigned as a main Gateway's IP: i.e. if it is the IP used for licensing, you'll have to detach and re-attach the license (if centralized) or re-key the license to the new IP in the User Center.
Keep in mind that if you are using peer to peer VPNs, you'll have to coordinate cut-over to the new IP with them.
There is a good post on this subject at: Change firewall own IP address :
Re: Change firewall own IP address
First off all, do you have a spare interface on the gateways? If so it will make it easier to migrate especially for your VPN users.
How to:Done.
- stage 1
- setup the free interface with the new IP's of the new provider and connect them to the provider.
- in dashboard add these interfaces and IP's to the cluster topology, with the cluster interface set to external
- In the IPSec VPN tab of the cluster go to the Link Selection page, now set the new interface as the main connection point.
- in the same page go to the Source IP address settings, here change the setting to "IP Address of chosen interface"
- end stage 1
- leave this for about a week, the time that most users will at least have connected once?
- stage 2
- in dashboard prepare all the NAT changes, make sure that all Inbound IP's are at the changing point changed in DNS? (prepare the DNS cache time to be set low a week before you do this and set it back to normal after a few days after you are done)
- change the default route on the 2 gateways to point to the new connection
- end stage 2
- keep an eye on tracker to see how much traffic is still hitting the old connection/IP's
- Stage 3
- disable the interfaces with the old provider.
Regards, Maarten."
