This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AkosBakos
Leader Leader
Leader
‎2019-05-28 11:39 PM

R77.30 Management HA to Standalone MGMT on VMware

Dear All,

I would like to ask you for a little help.

I have az R77.30 Management and gateway HA on separate 4400 appliance.

Yes, GW and the MGMT are on the same appliance. So, I have 2 appliances only, therefore I want to create a distributed installation.

Is there any step-by-stey guide how to do it?

 

I have less then 80 rules in the Security Policy and 20 NAT rules only.

A hands-on solution would be to copy rules manually to a new Managagemet, and forget this MGMT HA conversion. It can take 2 hours not more.

But there is one problem, I have five S2S VPNs which have pre-shared key. Of course, I don't know these secrets. They are reallly old.... and nnot documented.....

Can I somehow copy/export only the VPN rules especially the secrets?

Any tips are welcome 🙂

 

Akos

 

----------------
\m/_(>_<)_\m/
0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-05-29 06:09 AM

See sk44201: How to migrate FullHAenvironmentto Distributedenvironment

 

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AkosBakos
Leader Leader
Leader
‎2019-05-29 06:16 AM
In response to G_W_Albrecht

Hi G_W_Albrecht,

Thank you for your answer, after my post I found this article.

And what about the manual rulebase copy?

Do you have any idea how to do it effectively ,because I have less then 80 rules.

With the manual copy, the one and only problem is the unknown pre-shared keys. How can I "mine" them from old policy?

BR,

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Vladimir
Champion
Champion
‎2019-05-29 06:15 AM

You can attempt to recover secrets by following this thread:

https://community.checkpoint.com/t5/General-Management-Topics/Shared-Secret-in-clear-text/td-p/7919

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top