This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Attiq786
Participant
‎2021-06-13 04:40 AM

SmartMove for Policy Migration and Smart-1 Cloud Management

Hi

I am using Smart Move to migrate Cisco ASA policy to 1590 appliances. Is there a way to directly import the Output scripts to SMB or do I have to use a Central management(Gaia R80.30 above) Import the converted config (Via scripts) and push policy to SMBs?

My second question is that we are planning to use Smart-1 Cloud for management of multiple SMBs deployed in different sites but client do not want to import all configs instead they want to import one config per site at any given time. My understanding is in smart-1 cloud, if you migrate one DB and later on you migrate another one from other site, it will overwrite the existing one. is that correct or is there any way i can bring in multiple policy packages in smart-1 cloud later on after initial Migrate Import?

 

Thanks

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2021-06-13 09:35 PM

SmartMove is only for regular Check Point management, not for locally managed SMB appliances.
You can definitely import the output of SmartMove into regular Check Point management, which can push policy to the SMB device.

Smart-1 Cloud still does not support managing SMB appliances running R8x code, as far as I know.
This is on the short term roadmap.
In general, you are correct that a "migrate import" from another site after the initial one won't work.
You can either put it into a different Smart-1 Cloud tenant or use something like the python export/import tool to migrate the configuration into Smart-1 Cloud.

0 Kudos
Attiq786
Participant
‎2021-06-14 01:18 AM
In response to PhoneBoy

@PhoneBoy Thanks a lot for the clarification.

0 Kudos
Attiq786
Participant
‎2021-06-16 03:40 AM
In response to Attiq786

Hi @PhoneBoy 

 

CP has come back with below regarding Smart-1 Cloud - SMB compatibility.

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...

 

Supported Versions

Management

R81 is the deployed version

Gateways

  • R80.10 and above
  • 15XX series, R80.20.05 and above

I have another client with smart-1 cloud and I do not see 1500 appliances in the hardware list as per below. 

Attiq786_0-1623839865542.png

Can you please confirm? as according to Smart-1 Cloud Admin Guide, SMB with R80.20.05 and above are supported.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-06-16 04:17 AM
In response to Attiq786

Try to Connect a new GW and you will see the SMB instructions:

SmartSMB.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Attiq786
Participant
‎2021-06-16 05:36 AM
In response to G_W_Albrecht

@G_W_Albrecht Thanks a lot for the explanation. 

If we use smart-1 cloud, will I be able to import multiple policy packages later on without using any third party scripts? may be with the help of TAC?

 

Regards

Attiq

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-16 08:28 AM
In response to Attiq786

You can do a first-time import using the standard migration tools.
Unfortunately, that overwrites the configuration.
For additional policy packages, you would likely need to use something like: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-... 
This tool is developed by Check Point R&D and you are welcome to ask questions about it on CheckMates, but it does not necessarily have formal TAC support.
It will also require some manual steps since not every object type has API support, however it will work for the bulk of the policy itself.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events