This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
an_technical
Explorer
2 weeks ago

migrating from standalone to distributed model

Hi Team,

 

we have following architecture in our organization.

2 standalone firewalls in cluster

1 in distributed setup

 

we got new mgmt server and want to manage all firewalls through new mgmt server.

I can do database export import for distributed setup but how can i move policies from standalone firewall to new mgmt server. I used export_import_package and its throwing lot of errors. 

0 Kudos
10 Replies
Tal_Paz-Fridman
Employee
Employee
2 weeks ago

Please make sure to follow the instructions in https://support.checkpoint.com/results/sk/sk179444

Migration from a Standalone environment to a Distributed environment to versions R81.10 and higher versions

0 Kudos
an_technical
Explorer
2 weeks ago
In response to Tal_Paz-Fridman

Thanks @Tal_Paz-Fridman : I will test this.

I also wanted to know how to migrate the distributed env mgmt server to the new mgmt server. Will migrate_server will solve the problem?

0 Kudos
Tal_Paz-Fridman
Employee
Employee
2 weeks ago
In response to an_technical

As noted in the SK, migrate_server is part of the flow 

0 Kudos
an_technical
Explorer
2 weeks ago
In response to Tal_Paz-Fridman

Okay. One more question I have. migrate_server from standalone and distributed can be imported into new mgmt server?

 

0 Kudos
Tal_Paz-Fridman
Employee
Employee
2 weeks ago
In response to an_technical

migrate_server is the utility used for the export and import. It can be run from any machine that has a database. 

Just follow the instructions closely and it will work.

0 Kudos
an_technical
Explorer
2 weeks ago
In response to Tal_Paz-Fridman

Hi @Tal_Paz-Fridman :

I tried replicating sk179444. It failed with error: Migration between full HA and non full HA machine is not supported. The standalone devices are in HA.

Any suggestions. How to resolve this?

0 Kudos
an_technical
Explorer
2 weeks ago
In response to an_technical

Hi @Tal_Paz-Fridman : I tried following this article:
https://community.checkpoint.com/t5/Management/Moving-from-Full-HA-to-Distributed-on-R80-x/m-p/13068

I can only see the configuration2 file not the configuration file.

When I export export_standalone file. I get below content:

 

drwxr-xr-x 8 admin root 4.0K Jan 19 11:27 .
drwx------ 16 admin root 4.0K Jan 19 21:54 ..
drwxr-xr-x 3 admin root 164 Jan 19 11:27 31ab94da-4ab1-5da9-a03d-ddddddaaaaaa
drwxr-xr-x 3 admin root 164 Jan 19 11:27 41e821a0-3720-11e3-aa6e-0800200c9fde
drwxr-xr-x 3 admin root 164 Jan 19 11:27 8bf4ac51-2df7-40e1-9bce-bedbedbedbed
drwxr-xr-x 4 admin root 4.0K Jan 19 11:27 a0bbbc99-adef-4ef8-bb6d-cebcebcebceb
drwxr-xr-x 3 admin root 164 Jan 19 11:27 a0eebc99-afed-4ef8-bb6d-fedfedfedfed
-rw-r--r-- 1 admin root 57M Jan 19 11:27 a0eebc99-afed-4ef8-bb6d-fedfedfedfed.tgz
-rw-r--r-- 1 admin root 23K Jan 19 11:27 com.checkpoint.management.mgmt_blade.objects.DomainBase.data
-rw-r--r-- 1 admin root 7.3K Jan 19 11:27 com.checkpoint.management.upgrade.objects.UpgradeRuleData.data
-rw-rw---- 1 admin root 60M Jan 19 21:54 export_standalone
drwxr-xr-x 4 admin root 4.0K Jan 19 11:28 extra_data

This don't have configuration file.

If I extract a0eebc99-afed-4ef8-bb6d-fedfedfedfed.tgz
This has configuration2 file. After making the changes. I run below command 

tar -cvzPf export_standalone * and import the file. Import fails. I tried with .tgz extension as well.

Please suggest.

@_Val_ : Can you also please guide.

Thank You

 

 

0 Kudos
Tal_Paz-Fridman
Employee
Employee
2 weeks ago
In response to an_technical

The SK states clearly:

 

Limitations

These migration procedures do not support Full High Availability clusters (Full HA).

 

This might require contacting TAC or PS or use tools just to export and import the policy:

https://github.com/CheckPointSW/ExportObjects

https://github.com/CheckPointSW/ExportImportPolicyPackage

 

_Val_
Admin
Admin
2 weeks ago
In response to an_technical

As Tal already mentioned, Full HA migration is not supported. Open a TAC ticket to see if they can help you. Otherwise, you will need to engage with Check Point PS or re-create policy manually or through APIs

0 Kudos
_Val_
Admin
Admin
2 weeks ago
In response to an_technical

Also, the article is for a much older SW version, the suggested case will not work for you anymore.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events