thanks, But I see that in the end, nothing is said about how to do it.

Let me explain it this way: Usually, customers change from Embedded SMB appliances to bigger GAiA appliances, but not the other way 😊.

Here, you just have to check the old policy for SMB limitations (see SKs) and change the IPS configs for the smaller HW footprint.

Can you explain more about this? Or can you provide me with some SK.
Apart from the policies, I would have to carry out the SIC of the new appliances with the MGMT.

Thankss

Yes, you will have to re-establish SIC

I understand that the sic configuration is the same as with another fw checkpoint?

And I have to follow these steps

1. Open the command line interface on the Security Gateway.

2. Run:

   cpconfig

3. Enter the number for Secure Internal Communication and press Enter.

4. Enter y to confirm.

5. Enter and confirm the activation key.

6. When done, enter the number for Exit.

7. Wait for Check Point processes to stop and automatically restart.

In SmartConsole:

1. In the General Properties window of the Security Gateway, click Communication.

2. In the Trusted Communication window, enter the one-time password (activation key) that you entered on the Security Gateway.

3. Click Initialize.

4. Wait for the Certificate State field to show Trust established.

5. Click OK.

It is not a cluster, I have 2 appliances but in standlone.
What do you mean by push politics?

I had also thought about creating a new object and using it for the new FW, what do you think of this idea?

How new are you to Check Point? Push policy means applying your Security policy package to your Security gateway. 

You can create a new object, but it will have the same management IP address as the old FW, so there will be a conflict. 

I've been using checkpoint for a few years, but I've never made a change from old FW or new ones.

Are you referring to installing policies?

Thank you for your answers.

The procedure would be rather simple if you do replace a GAiA appliance with a newer GAiA appliance. SMB units are basically not intended as a 12000 replacement but for SMBs 8)

I am only using the old FW blades firewall, IPSec VPN and IPS, that's why I thought to go down to a lower model, because they are for a backup center.

yes

Thank you very much for all your answers.

So these are the steps I'm going to take.

I will try with the management interface of the equipment, the configuration of the old FW has already been replicated, to the new FW.

Will I have to change the name of this interface in the topoly? Since in the new FW the name is LAN1 and in the old one it is eth1.

I will change the name in the platform, hardaware, operating system version, I will then perform the SIC with the MGMT, I understand that it is done the same as in any FW checkpoint.

Push policies.

And I will test traffic and functionalities.

If all goes well I will connect the rest of the interfaces.

Do you think there may be any addictional problem?

Or do you think I'm missing a step.

Yes, the interface names are not the same, so you will need to adjust them in the topology tab. Initializing SIC is a bit different as well, please follow the documentation. 

Once more, you need to make sure that the performance of your new 1800 appliance is enough for your needs. 

Another important note, I believe you will have to use R81.10 or a higher version of your management server to manage the 1800 appliance. 

According to the information I found, R80.40 is compatible.

This is for the older firmware versions R80.20.xx that have end of support in Oct-23, and end of support for R80.40 is January 2024.

don't understand your answer. According to the documentation found if it is compatible with an MGMT with R80.40 version

Management

1600 and 1800 Security Gateways are conveniently managed locally via a Web interface (offering simple and intuitive management and configuration), and centrally by Cloud-hosted SMP (Security Management Portal) which can scale to manage over 10,000 Check Point SMB Appliances. The Gateways can also be managed centrally by Check Point's central management solutions: SmartConsole, MDM, and LSM.

You can manage 1600 / 1800 Quantum Spark Appliances with these on-premises Management Servers:

• R81 and higher versions
• R80.40 Jumbo Hotfix Accumulator Take 91 and higher
• R80.30 Jumbo Hotfix Accumulator Take 227 and higher

The older firmware version branch R80.20.xx is compatible with an MGMT with R80.40 version !

But older firmware version branch R80.20.xx has end of support in Oct-23, and end of support for R80.40 MGMT is January 2024. So support would end next October for e.g. R80.20.50 firmware...

You have to decide if it makes sense to use software versions with less than a year support left.

One question, the name change in the network topology, I have to do it before changing the cables? I understand that it must be so, I am not quite sure about this step.

Better update interfaces and topology from SMB as found here: https://sc1.checkpoint.com/documents/SMB_R81.10.00/AdminGuides/Centrally_Managed/EN/Topics/Configuri...