R80.10 Migration Uniqueness name problem
Just finished importing my policy and configuration from R77.10 to a new Management R80.10.
Some uniqueness name errors appeared and all of them could be solved until this one:
One of the node names in the Checkpoint FW object is "fw1" like the service "FW1" (port 256); neither of them allows me to change its name.
The service seems to be read only ... and I suspect that changing the node name isn't an option in the Management.
Is there a way to solve this?
Thanks.
UPDATE: As described in sk40179 FW1 or fw1 are reserved names...
The solution is to change the cluster node object resetting the SIC.
I'm thinking to change predefined service name FW1 using some advice about it?
dbedit> print services FW1
Object Name: FW1
Object UID: {97AEB388-9AEA-11D5-BD16-0090272CCB30}
Class Name: tcp_service
Table Name: services
Last Modified by: System
Last Modified from: localhost
Last Modification time: Mon May 7 13:03:06 2018
Fields Details
--------------
aggressive_aging_timeout: 600
color: firebrick
comments: Check Point Security Gateway Service
default_aggressive_aging_timeout: 0
delayed_sync_value: 30
enable_aggressive_aging: true
enable_tcp_resource: false
etm_enabled: false
has_detect: false
include_in_any: true
inspect_streaming: NULL
is_default_aggressive_timeout: true
port: 256
prohibit_aggressive_aging: false
proto_type: NULL
protocol_uuid:
reload_proof: false
service_port_type: customize
spoofed_rst_detect: true
src_port:
sync_on_cluster: true
timeout: 3600
type: Tcp
unified_streaming: NULL
updated_by_sd: false
use_default_session_timeout: true
use_delayed_sync: false
Accepted Solutions
Hi Lluis,
I had this exact issue a couple of months ago and, like you, resolved it by changing the gateway name.
I don't think it would be recommended to change the name of a pre-defined service as it could cause issues next time you upgrade.
Dave
FW1 has long since been a reserved word.
Unfortunately, SmartDashboard (and predecessors) didn't always block creation of objects with this name.
In R80.x we block modifications to default services.
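
Added example, not part of the thread or of Check Point's tooling: a pre-migration check in Python that parses output in the `dbedit> print` layout shown in the first post and reports object names that differ only by case across tables. The sample records are constructed (the FW1 record is abridged from the thread), and treating "Last Modified by: System" as the mark of a predefined object is an assumption drawn from that record.

```python
import re

# Constructed sample in the `dbedit> print` layout; the FW1 record is abridged
# from the thread, the other two records (names, classes, modifier) are made up.
SAMPLE = """\
Object Name: FW1
Class Name: tcp_service
Table Name: services
Last Modified by: System
Object Name: fw1
Class Name: cluster_member
Table Name: network_objects
Last Modified by: admin
Object Name: web-srv
Class Name: host_plain
Table Name: network_objects
Last Modified by: admin
"""

HEADER = re.compile(r"^(Object Name|Class Name|Table Name|Last Modified by):\s*(.*)$")

def parse_records(text):
    """Split print output into one dict per object, keyed by header field."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # field details and separators are not needed here
        key, value = m.groups()
        if key == "Object Name":  # each record starts with its name
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records

def name_collisions(records):
    """Group objects whose names differ only by case, across all tables."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["Object Name"].casefold(), []).append(rec)
    return {k: v for k, v in groups.items() if len(v) > 1}

def renamable(group):
    """Names in a colliding group not owned by System (assumed predefined)."""
    return [r["Object Name"] for r in group if r.get("Last Modified by") != "System"]

if __name__ == "__main__":
    for key, group in name_collisions(parse_records(SAMPLE)).items():
        print(key, [(r["Object Name"], r["Table Name"]) for r in group], renamable(group))
```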
SOLVED: Finally we changed the gateway name.
We reset the SIC to change the node name:
Management shell:
- [Expert@HostName]# cp_conf sic init New_Activation_Key norestart
- [Expert@HostName]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
- [Expert@HostName]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
Smart Dashboard:
- Click on the Security Gateway object.
- Click on 'Communication'.
- Click 'Reset' and confirm.
- Enter the New_Activation_Key (that was used in the 'cp_conf sic init ...' command on Security Gateway).
- Click on 'Initialize'.
- Install policy, if needed.
Thanks
Sorry to revive such an old thread but I have the same situation and checkpoint told me to follow:
I'm questioning the need to remove the cluster itself from every VPN community and disable VPN blade before renaming the member firewall.
Did you have to do that in order to get the name changed? They are stating without that step it may cause IPSec VPN issues. Did you experience any?
