This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Biztech
Explorer
‎2023-12-19 03:06 AM

Relocating security management server from from one site to another in different network

Hello All,

 

I am new to Checkpoint looking for all the valuable suggestions from everyone. We have a site in London office which is hosting a SMS server with two security gateways whereas Noida office just have two security gateways. Both sites have different networks and subnets. The SMS at London is responsible for managing all the security gateways. Due to some reasons, we are shutting down our London office by next week and we need to move SMS VM  (Hyper-V hosted) to Noida site. For we did following: 

1. Added a new interface to original VM in hyper-v and SMS with the new IP address of Noida site. 

2. Copied the VM to Noida, imported in hyper-v, up and running, setup DNS etc. 

3. Followed sk73120  on how to migrate the management database to a machine with a different IP address, sk98530 on how to generate a security management license and applied the license to the VM in Noida.

No matter what we did, we could not manage to establish a communication between the SMS and security gateways at both sites. We also tried setting up a HA approach but failed at the first step because when creating a second checkpoint host entry, we couldn't fix SIC errors. That part shows "SIC initialized but trust not established".

I request you all to please provide valuable inputs as I am absolute beginner in the world of checkpoint. We only have this week to complete the work and then we are loosing the only working SMS (at London site) next week. 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2023-12-19 04:31 PM

What version/JHF is the management?
If it's R80.40 or above, you should not use migrate (as mentioned in sk73120), but you should use migrate_server.

Also, have you verified TCP connectivity between the new management and the gateways on all the relevant ports?
You need to make sure the following ports are open:

image.png

Source: https://community.checkpoint.com/t5/Security-Gateways/R8x-Ports-Used-for-Communication-by-Various-Ch... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events