This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rosenkrantz
Participant
‎2022-12-20 06:57 AM
Jump to solution

migrating VSX to other domain on same MDS

Hello.

I need some help here, but maybe there is no easy solution for this.

We have a Checkpoint SMC that we need to migrate to MDS. at the same time we need to split of the VSX clusters on several domains. Now, I hoped that I could just import same SMC to MDS several times and then cleanup what is not needed, and change IPs and names where needed, but it seems that is not supported: 

k156072
Domain Migration in versions R80.20 and higher
limitations:
Migration of the same security management server twice into an MDS (or to two different MDS machines in the same HA environment) is not supported.

 

Does anybody have an idea to how we can split the VSX clusters out to several domains?

all VSX clusters share the same policy package with a lot of objects so we really hoped the same smartcenter could be imported several times, but now I am out of ideas.

Best regards

René Rosenkrantz

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-12-20 06:12 PM
Jump to solution

Domain/SMS exports also include the Internal Certificate Authority.
The same ICA database cannot be used in multiple domains.

Which means…you’ll probably need to use something like: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...

View solution in original post

_Val_
Admin
Admin
‎2022-12-21 01:51 AM
In response to Rosenkrantz
Jump to solution

Not easy at all. You will have to re-create VSX objects manually. I would use vsx provisioning tool for individual VSs. In the process, you will have to scratch your existing VSX config and perform reset gw, or you can "move" your clusters to a new HW. 

View solution in original post

4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-12-20 07:46 AM
Jump to solution

I would ask TAC for a procedure to make this possible !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
‎2022-12-20 06:12 PM
Jump to solution

Domain/SMS exports also include the Internal Certificate Authority.
The same ICA database cannot be used in multiple domains.

Which means…you’ll probably need to use something like: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...

Rosenkrantz
Participant
‎2022-12-21 01:42 AM
In response to PhoneBoy
Jump to solution

Thank you.

I think I can conclude that its not that easy. but exporting policies and objects is still a big help. to recreate the VSX is possible.

would be nice with export /import on the VSX clusters tho. 🙂

0 Kudos
_Val_
Admin
Admin
‎2022-12-21 01:51 AM
In response to Rosenkrantz
Jump to solution

Not easy at all. You will have to re-create VSX objects manually. I would use vsx provisioning tool for individual VSs. In the process, you will have to scratch your existing VSX config and perform reset gw, or you can "move" your clusters to a new HW. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events