Importing from SMS into MDS

Hi,

We've got to move a database which was on a Smart-1 into an MDS environment. All we have to work with is a migrate export output which is about a week old. We can't get access to the Smart-1 or the database (don't ask).

Doing a cma_migrate as per Installation and Upgrade Guide R80.20 ends with a "Migration completed successfully" message but nothing is imported into the MDS. This happens every time the domain is created (I did it a few times just in case) and the migrate export is approx 1GB in size.

Does this mean that the migrate export isn't going to be able to be imported into the MDS and a manual recreation of the rulebase is required?

TIA

12 Replies
Admin

Re: Importing from SMS into MDS

Assuming the SMS is on R80.x, importing this into an MDS is not currently supported.

It is a limitation we plan to address in the near future.

0 Kudos

Re: Importing from SMS into MDS

Thanks Dameon. It’s a bit of a significant limitation, though!

Any estimate on a fix? R80.30? Any suggested workarounds?

0 Kudos
Admin

Re: Importing from SMS into MDS

Unfortunately, I don't have a timeline on direct support for this.

R&D is very aware this is a significant gap (especially since it was supported in R77.x) and are working to address it.

As far as workarounds, this is what you can do currently: Python tool for exporting/importing a policy package or parts of it

It does have some limitations, but it's better than a wholesale recreation of everything. 

Re: Importing from SMS into MDS

Got it, thanks. Use that a lot for import/export of Office 365 objects for HTTPS Inspection. It’ll save a fair bit of work!

0 Kudos
Employee+

Re: Importing from SMS into MDS

Hi Stuart Green‌,

My name is Eran and I'm the manager in Check Point R&D responsible for the core infrastructure of the Management server. Indeed in R80.x we're not yet supporting migration of a Security Management server into a Domain on a Multi Domain server. My team and I are working to complete this gap these days, and we target to reach EA a few months from now. We would be happy to provide you an EA build on top of R80.20 as soon as we're ready so you could install and test it. You're also very welcome to provide your feedback and influence on the usability. Our plan is to integrate the code to an official version later this year.

This is a call for any customer who's waiting for the ability to migrate a Security Management server into a Domain on a Multi Domain server over R80.20 and above! You're welcome to reply to my comment and register, R&D will approach you in the next few months to provide an EA build on top of R80.20.

migrate_SMS_to_MDS‌

Re: Importing from SMS into MDS

Is R80.x domain to R80.x Domain, or even R80.x Domain to SMS part of this plan?

Regards, Maarten
0 Kudos
Admin

Re: Importing from SMS into MDS

I believe all of the variants of moving to/from SMS to CMA/Domain will be supported as part of this effort.

0 Kudos
Employee+

Re: Importing from SMS into MDS

Hi Eran,

Currently I'm working on SMS 80.10 migration to MDS 80.10. Actually I have to migrate another SMS on 77.30 to the same MDS 80.10 but for me the 80.10 is more important. I was able to export successfully using the script, and now I'm waiting for the import script to finish and see the results. I'm doing that on a VM before doing the import on the new MDS. I will be very happy if I can get some support from R&D, so please let me know if I can participate somehow. I'm interested to know if there is a mandatory order in creating domains, importing policies. I'm trying to avoid wasting time reverting the process, if something will not be OK.

Thank you in advance for your feedback.

0 Kudos
Employee+

Re: Importing from SMS into MDS

Hi Catalin,

What script are you using?
The ability to export R80.10 SMS and to migrate it to R80.10 MDS is under development (the purpose of my post was to share status and invite customers for EA a few months from now).

Thanks,

Eran

0 Kudos

Re: Importing from SMS into MDS

Hi Eran.

It's the one from GitHub https://github.com/CheckPointSW/ExportImportPolicyPackage

I managed to do it on 80.10 but some Identity rules are not correct because there were some errors on Users Access Roles and then some NAT rules.

On 77.30 most of the NAT rules were not correctly imported.

Let's say I have just started and I have to work more. Are you interested in feedback from that GitHub script? Will Check Point use that as a start or create another from scratch?

Thank you!

Kind regards,

Catalin

0 Kudos
Employee+

Re: Importing from SMS into MDS

Of course we're interested! You're more than welcome to comment in the GitHub... Amiad Stern is the owner of Management API, he or someone from his team will address it.

Eran

0 Kudos