Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

migrate provider-1 r77.30 to smartcenter r80.20

Hello,

Did anyone already migrate from provider1 r77.30 to a regular smartcenter running r80.20 ?

I have to migrate a provider-1 with various CMAs to a single smartcenter. The goal is to create one policy per CMA, as each CMA manages only one policy for one firewall.

Does anyone know if it is possible to "change/batch convert" global objects to local objects ?

Thanks.

0 Kudos
4 Replies
Highlighted

Re: migrate provider-1 r77.30 to smartcenter r80.20

Nicolas,

You cannot easily export a CMA and then import i into a SmartCenter.
In R77.30 you can export and import network objects, hosts, networks, groups etc. You can import those into another R77.x CMA/SMS, so this could be a path.
With Smartmove you can export and import policies and objects. This could be another path, use CPuse to upgrade the current Multi Domain server to an R80.x version and run the export from there and then build a new R80.x SMS to run the imports on.
I have also heard Check Point is working hard on getting the import and export utilities to move from R80.x SMS or CMA to any other possible flavor (CMA/SMS), if merge is also part of this toolset I do not know, as that is what you would need here.
Regards, Maarten
0 Kudos
Highlighted
Platinum

Re: migrate provider-1 r77.30 to smartcenter r80.20

Are you using dedicated Log servers within Provider-1 ?

Are you using HA (Primary / Secondary) deployment ?

The biggest issue I see is with Global Policy. You can create local objects (with different names). But then you need to replace each and every occurrence of Global object with the local object ... It will be a pain. Check Point Professional Service can be involved here.

The idea to go directly from MDS R77.30 to SMS R80.20 is not the best in my opinion. I would go from MDS R77.30 to SMS R77.30 and after that simply upgrade to R80.20 via CPUSE.

Maybe cp_merge tool (officially not supported) can be used for exporting and importing policy packages. Not sure if this will include also object creation.

 

Kind regards,
Jozko Mrkvicka
0 Kudos
Highlighted
Platinum

Re: migrate provider-1 r77.30 to smartcenter r80.20

Fun fact:

I just tried to import R77.30 CMA to the R80.20 SMS. Source CMA has assigned Global Policies and Global Objects were used in many rules.
I didn't believe that such import would be possible (with Global Policy on CMA).
It turned out, that migrate import was successful !

And guess what ... all Global Objects are LOCAL !!!

Kind regards,
Jozko Mrkvicka
Highlighted
Admin
Admin

Re: migrate provider-1 r77.30 to smartcenter r80.20

Officially, this requires the use of Professional Services.
Even with the correct procedure, this would need to be done in R77.30 since there is no way to do this in R80.x yet.
Tools to do variants of SMS/MDM export/import are still in the works.
0 Kudos