This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vinay_Reddy
Explorer
‎2018-09-07 03:47 PM

SPLAT to GAIA

Hi All,

 

I have a 2205 Model gateway currently running on SPLAT OS with R75.20. Need to upgrade to GAIA R77.30. Decided to Re-image the box to R77.30 and do a fresh Install rather that upgrading it multiple times as the config is not too big to convert. What would the Back Out Plan be ?

7 Replies
aner_sagi
Contributor
‎2018-09-09 12:27 AM

Gaia config 

fwkern.conf

The above if it’s just a gateway. If it’s a stand-alone you will need migrate export and upgrade the database according to the book.

Aner

0 Kudos
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2018-09-09 01:08 AM

Hi Vinay,

- Download clean installation file for 2200 appliance from link: Check Point R77.30

- Create a snapshot of the appliance!

On Splat:

1) Download the "copy files" script from: Migration from SecurePlatform OS to Gaia OS

2) Install "copy files" script:

  • Unpack this TAR file:

    [Expert@HostName]# cd /some_path_to_script/
    [Expert@HostName]# tar xvf copy_files.tar

  • Execute the script:

    [Expert@HostName]# sh copy_files.sh

  • The relevant SecurePlatform configuration files will be located in your home directory:

    ~/EXPORTED_SECUREPLATFORM_FILES.tar

3) Backup the following files

$FWDIR/boot/modules/fwkern.conf 

$FWDIR/conf/local.arp                     

$FWDIR/conf/discntd.if                     

$FWDIR/conf/trac_client_1.ttm

~/EXPORTED_SECUREPLATFORM_FILES.tar

 

4) Copy the files to PC

On GAIA:

1) Make a fresh install on 2200 appliance and start first config wizard.

2) Copy the file EXPORTED_SECUREPLATFORM_FILES.tar to the appliance

3) Convert the filse to GAIA config

  • Log in to Expert mode:

    HostName> expert

  • Go to the directory where you extracted the SecurePlatform configuration files

    [Expert@HostName]# cd /path_to_extracted_SecurePlatform_files/

  • Run the converter utility (specify the name of the output Gaia Clish script):

    [Expert@HostName]# converter -o <myconfig>

4) Install the GAIA settings in CLISH

> set clienv on-failure continue

> load configuration <myconfig>

5) Restore the files from point 3 if necessary.

$FWDIR/boot/modules/fwkern.conf 

$FWDIR/conf/trac_client_1.ttm       

Reboot:-)

6) SIC + Policy install

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
AlekseiShelepov
Advisor
‎2018-09-09 09:39 AM
In response to HeikoAnkenbrand

If I remember correctly, you cannot export snapshot from SPLAT in a simple way (with a button for example) and if you do a fresh install it will delete the snapshot on the appliance.

I think that redistribution settings for OSPF might not be migrated with copy_files.sh script. I would recommend in addition to this to create a backup and cpinfo files. Better to have more possibilities to restore config.

HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2018-09-09 10:49 AM
In response to AlekseiShelepov

Hi Aleksei,

Snapshot on SPLAT:

A snapshot takes an image of the whole system, including device drivers, HFA’s and Hotfixes.  Typical scenarios where you would want to use the snapshot method would be:

  •  You are about to make a major change to the system eg. software upgrade. Take a snapshot prior to the upgrade and if it all goes horribly wrong you can always reset the box back to the exact state it was in before you broke it
  • Snapshot after an upgrade, and use it as a means to rebuild the box if it dies. Restore the snapshot and then and add the most recent backup (think of as incremental backups) to get you up and running again.

  1. Run the command: snapshot
  2. Select the location you wish to save the file to, supply any credentials for ftp or scp servers, and supply a name for the snapshot file.
  3. If you select a local, the snapshot file will be created in /var/CPsnapshot/snapshots.
  4. Download the snapshot via winscp.

Backup on SPLAT:

A backup is very similar to a snaphot, in that in contains all the Check Point configuration, networking settings (routing info etc), but it does not include device drivers, HFA’s and Hotfixes.  The the idea is that you would restore the backup onto same OS, Check Point version and patch level.

  1. Run the command: backup.
  2. By default the backup file will be created in /var/CPbackup/backups.
  3. Download the backup via winscp.

In this solution snapshot is the better way and the correct CCSE examination answer:-)

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
AlekseiShelepov
Advisor
‎2018-09-10 03:38 AM
In response to HeikoAnkenbrand

I understand that a snapshot is a better thing to do before an upgrade. CCSE question asks about upgrade path on Gaia I believe, in that case Snapshot will be the best option. But here we were asked about clean install and SPLAT -> Gaia.

But I think, /var/CPsnapshot/snapshots directory only relevant for Open Server. On 4000 appliances R75.X version it was not easily possible to export a snapshot on SPLAT, as it became possible on Gaia. And this SPLAT snapshot will be deleted during clean install.

Snapshot location on Gaia and SecurePlatform 

For example: Firewall Tips & Tricks and all about Network: Backup procedures for Checkpoint 

On the UTM-1 and Power-1 appliances the snapshot can only be performed from WebUI (not via CLI), and the file cannot be transferred to a different appliance.

0 Kudos
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2018-09-09 11:00 AM

Hi Vinay,

I just noticed:-)

Please note 75.20 is out of support.

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-09-10 02:32 AM

Please also note that Support for R77.30 ends May 2019 - that is only 8 month from now !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events