Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dalbir_singh
Contributor

Upgrading management appliance

Hi All

 

Greetings

Hope everyone is safe & healthy.

 

I just want to discuss some issues we have been facing for a long time. We are planning to upgrade the management device, Right now we are using Smart-1 504 which is end of life & support.  So our official brought an upgraded version of the management device, which is smart-1 405. So now I am going to elaborate on the issue we are facing in up gradation.

In our existing setup, We have one smart-1 504 management appliance & Smart-1 5 smart event for logs. Apart from this we are using 6 gateways (4800). All the gateways configuration is made in single device Smart-1 504 management. The OS we are using in our all appliance is r77.30

The issue we are facing now, We have 2 Smart-1 405 management appliances. The maximum supported gateways is 5 in 405 appliances, So the total gateway they are going to support is 10. My point is:

1. Smart-1 504 backup/configuration file works in smart-1 405 while migrating?

2. Will the same configuration work in both devices, As we need to change the IP address of both devices. What challenges & precautions we need to prepare !

3. How to split the policies or split the gateways if we successfully migrated to smart-1 405.

4. What changes are required in all gateways after the migration. 

5. if you have any plan of action or any upgrade/migration guide, Please share.

I am also sharing the snapshot of our existing & proposed setup.

 

Thanks in advance

 

Regards

Dalbir Singh

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

If you’re actually managing 6 gateways from a single management, then you’ll need Smart-1 appliances capable of supporting more than 5 gateways.
For current appliances, this would be: CPAP-NGSM600S-PLUS (supports 10 gateways).

In General, you will do an Advanced Upgrade (migrate export/import) to move the policy configuration from one to the other.
For operating system configuration, depending on complexity it may be easier to just configure the new Smart-1 appliances.
That said, you may be able to use the show configuration output to make this a bit easier.

If you do the advanced migration and keep the same IPs, a simple policy install from the new Smart-1 appliances should get everything going to the new appliances (obviously disconnect the old ones first). 

Dalbir_singh
Contributor

Hi Sir

 

Thanks for the reply.

We are planning to move our 3 DC gateways to one management i.e. smart-1 405 & rest 3 DR gateways to 2nd management box.  If you have any documents link of advance migration, Please share.

IP address of one management box will change after the setup, I want to know what changes required in gateways after successful migration.

0 Kudos
PhoneBoy
Admin
Admin

Advanced Upgrade is covered in the installation/upgrade guide of the version you are migrating to.
For example, R80.40: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_Installation_and_Upgrade_Gui... 
You will also need the migration tools for the target version to take the migrate export output.
Note that if your target version is R81 or later, you will first need to do a two-step upgrade (with the first upgrade being R80.40).

The changes the gateways need should be taken care of once you perform an install policy from the new management server.

Dalbir_singh
Contributor

Hi

Thanks for the quick response, I will go through the documents & check the upgrade scenario first. 

Before going to update the appliance, I will keep everything in mind what suggested above.

Have a nice day ahead.

0 Kudos