This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nicolas_figaro
Participant
‎2019-05-06 06:51 AM

migrate provider-1 r77.30 to smartcenter r80.20

Hello,

Did anyone already migrate from provider1 r77.30 to a regular smartcenter running r80.20 ?

I have to migrate a provider-1 with various CMAs to a single smartcenter. The goal is to create one policy per CMA, as each CMA manages only one policy for one firewall.

Does anyone know if it is possible to "change/batch convert" global objects to local objects ?

Thanks.

0 Kudos
4 Replies
Maarten_Sjouw
Champion
Champion
‎2019-05-08 02:51 AM

Nicolas,

You cannot easily export a CMA and then import i into a SmartCenter.
In R77.30 you can export and import network objects, hosts, networks, groups etc. You can import those into another R77.x CMA/SMS, so this could be a path.
With Smartmove you can export and import policies and objects. This could be another path, use CPuse to upgrade the current Multi Domain server to an R80.x version and run the export from there and then build a new R80.x SMS to run the imports on.
I have also heard Check Point is working hard on getting the import and export utilities to move from R80.x SMS or CMA to any other possible flavor (CMA/SMS), if merge is also part of this toolset I do not know, as that is what you would need here.
Regards, Maarten
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2019-05-08 06:34 AM

Are you using dedicated Log servers within Provider-1 ?

Are you using HA (Primary / Secondary) deployment ?

The biggest issue I see is with Global Policy. You can create local objects (with different names). But then you need to replace each and every occurrence of Global object with the local object ... It will be a pain. Check Point Professional Service can be involved here.

The idea to go directly from MDS R77.30 to SMS R80.20 is not the best in my opinion. I would go from MDS R77.30 to SMS R77.30 and after that simply upgrade to R80.20 via CPUSE.

Maybe cp_merge tool (officially not supported) can be used for exporting and importing policy packages. Not sure if this will include also object creation.

 

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2019-05-08 09:47 AM
In response to JozkoMrkvicka

Fun fact:

I just tried to import R77.30 CMA to the R80.20 SMS. Source CMA has assigned Global Policies and Global Objects were used in many rules.
I didn't believe that such import would be possible (with Global Policy on CMA).
It turned out, that migrate import was successful !

And guess what ... all Global Objects are LOCAL !!!

Kind regards,
Jozko Mrkvicka
PhoneBoy
Admin
Admin
‎2019-05-08 08:51 AM

Officially, this requires the use of Professional Services.
Even with the correct procedure, this would need to be done in R77.30 since there is no way to do this in R80.x yet.
Tools to do variants of SMS/MDM export/import are still in the works.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events