This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
George_Georgio1
Participant
‎2023-02-13 07:49 AM
Jump to solution

R80.20 Standalone cluster migration to a Distributed environment

Dear All,

We have being trying to do an R80.20 Standalone cluster migration to a Distributed environment without success. We have followed the below SK without any success

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Also, is there a script/way to migrate the rules, objects and NATs since the above does not work.

Any help will be appreciated. Thank you.

George

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-02-13 09:54 AM
Jump to solution

If by Standalone Cluster, you mean Full HA (where management is on both cluster members), the procedure in sk179444 is not supported.
This is noted in the Limitations section.

Your only option is something like the following: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...
You can run this tool against the primary system to export much of the Access Policy and Threat Prevention configuration and import it into a newly installed management server.
You will have to create several objects manually, but it’s far easier than recreating the entire configuration from scratch.

View solution in original post

0 Kudos
10 Replies
_Val_
Admin
Admin
‎2023-02-13 07:55 AM
Jump to solution

Where did you fail? It is hard to help you without knowing more details.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-13 09:54 AM
Jump to solution

If by Standalone Cluster, you mean Full HA (where management is on both cluster members), the procedure in sk179444 is not supported.
This is noted in the Limitations section.

Your only option is something like the following: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...
You can run this tool against the primary system to export much of the Access Policy and Threat Prevention configuration and import it into a newly installed management server.
You will have to create several objects manually, but it’s far easier than recreating the entire configuration from scratch.

0 Kudos
George_Georgio1
Participant
‎2023-02-13 11:18 PM
In response to PhoneBoy
Jump to solution

Hi Val and PhoneBoy,

Thank you both for the replies. Yes, it's a Full HA and we saw the limitation on SK. So, the only way is to try the python script. We will do so and hopefully we will be able to export most of the access policy. Thank you again.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 12:49 AM
Jump to solution

See here for a working solution  Migrate R80.40 Full HA to distributed Management

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
George_Georgio1
Participant
‎2023-02-14 01:11 AM
In response to G_W_Albrecht
Jump to solution

Hi and thank you for the reply. Will this work on a Full HA R80.20 also?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 01:17 AM
In response to George_Georgio1
Jump to solution

That may well be - but i would try to upgrade to R80.40 first, R80.20 is unsupported since last September...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
George_Georgio1
Participant
‎2023-02-14 02:01 AM
In response to G_W_Albrecht
Jump to solution

Thank you, we will try that.

0 Kudos
George_Georgio1
Participant
‎2023-02-16 01:06 AM
In response to G_W_Albrecht
Jump to solution

Hi again,

We followed the procedure with both R80.40 and R81.10 with the same issue, we can not promote the Management

[Expert@CPMGT:0]# $FWDIR/bin/promote_util
Binding to localhost...Done
Opening database...Done
Promote failed.
Please make sure all clients are disconnected

 

Any ideas are welcomed. Thank you.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-16 01:16 AM
In response to George_Georgio1
Jump to solution

Maybe TAC can help with this step. It is from sk114933 - so this step is supported.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
George_Georgio1
Participant
‎2023-02-16 01:21 AM
In response to G_W_Albrecht
Jump to solution

Hi again,

We have a case with the TAC since day one, unfortunately not much help there. Thank you anyway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events