George_Georgio1
Participant

R80.20 Standalone cluster migration to a Distributed environment

Dear All,

We have been trying to do an R80.20 Standalone cluster migration to a Distributed environment without success. We have followed the below SK without any success.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Also, is there a script/way to migrate the rules, objects and NATs since the above does not work.

Any help will be appreciated. Thank you.

George

1 Solution

Accepted Solutions
PhoneBoy
Admin

If by Standalone Cluster, you mean Full HA (where management is on both cluster members), the procedure in sk179444 is not supported.
This is noted in the Limitations section.

Your only option is something like the following: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...
You can run this tool against the primary system to export much of the Access Policy and Threat Prevention configuration and import it into a newly installed management server.
You will have to create several objects manually, but it’s far easier than recreating the entire configuration from scratch.

10 Replies
_Val_
Admin

Where did you fail? It is hard to help you without knowing more details.

George_Georgio1
Participant

Hi Val and PhoneBoy,

Thank you both for the replies. Yes, it's a Full HA and we saw the limitation on the SK. So, the only way is to try the Python script. We will do so and hopefully we will be able to export most of the access policy. Thank you again.

G_W_Albrecht
Legend

See here for a working solution: Migrate R80.40 Full HA to distributed Management

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
George_Georgio1
Participant

Hi and thank you for the reply. Will this work on a Full HA R80.20 also?

G_W_Albrecht
Legend

That may well be - but I would try to upgrade to R80.40 first, R80.20 is unsupported since last September...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
George_Georgio1
Participant

Thank you, we will try that.

George_Georgio1
Participant

Hi again,

We followed the procedure with both R80.40 and R81.10 with the same issue: we cannot promote the Management.

[Expert@CPMGT:0]# $FWDIR/bin/promote_util
Binding to localhost...Done
Opening database...Done
Promote failed.
Please make sure all clients are disconnected

Any ideas are welcomed. Thank you.

G_W_Albrecht
Legend

Maybe TAC can help with this step. It is from sk114933 - so this step is supported.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
George_Georgio1
Participant

Hi again,

We have a case with the TAC since day one, unfortunately not much help there. Thank you anyway.
