This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Zeppln
Participant
3 weeks ago

Standalone (GAIA R80.40) to distributed deployment (Spark 1500) migration

Hello everyone!

Here's the situation, a client is trying to migrate a standalone deployment (Gaia R80.40) to Smart 1 Cloud (R82). Currently, they have an open server for the standalone deployment. They have a new Quantum Spark 1600 SMB appliance which they intend to use as the Gateway on-premise. Since the manager can only be migrated to the Infinity Portal, we first need to migrate from standalone to a distributed deployment. I have read the procedure from sk154033 (https://support.checkpoint.com/results/sk/sk154033) and I have some questions.

Are there considerations to take into account regarding the current standalone version (R80.40) and synchronizing the new SMB appliance into the distributed deployment? Should I upgrade first before creating the secondary SMS and SG in SmartConsole? What SG configurations I must emulate in the SMB appliance, or is there a way to save the current config and upload it into the SMB appliance?

Thanks for the support!

 

8 Replies
Danny
Champion Champion
Champion
3 weeks ago

Since R80.40 is no longer supported, and SMB environments are typically small, and you're facing three migrations —

  1. Standalone to distributed

  2. Open server to SMB

  3. SmartCenter to Smart-1 Cloud

Therefore I recommend setting up the new SMB appliance from scratch, managing it centrally with a new Smart-1 Cloud instance, and manually migrating the security rules.

Zeppln
Participant
3 weeks ago
In response to Danny

Thanks for the insight! 

When setting up a new S1C instance, which configurations should I prioritize or which configs should be taken into consideration so the S1C instance works the same as the current deployment? When setting up the SMB appliance, is there a way to migrate configs from the current deployment such as static routes, interfaces and other info or I should manually configure them in the SMB (manually 1 by 1 just like the security policy)?

G_W_Albrecht
Legend Legend
Legend
2 weeks ago
In response to Zeppln

Configuring Gateway and Cluster Objects

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago

In order to import the "standalone" gateway to Smart-1 Cloud, you would need to upgrade management to at least R81.10.
Since your goal is to be at a version above R81.10, you should instead use https://support.checkpoint.com/results/sk/sk179444 to go to R81.20.
You can then import that configuration in Smart-1 Cloud and use the same policy/objects now with the 1600 (possibly with some minor adjustments).

Zeppln
Participant
3 weeks ago
In response to PhoneBoy

Thanks for the comments! 

So in case I try this route, I should upgrade my deployment first to R81.20, then proceed to the migration to distributed deployment and then the upload the manager to S1C. Is there an sk to follow the procedure to import those configs so I use the same  policy/objects? 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
2 weeks ago
In response to Zeppln

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
2 weeks ago
In response to Zeppln

The SK I linked explains the process.

0 Kudos
the_rock
Legend
Legend
2 weeks ago

Just a thought, but maybe not a bad idea to get in touch with professional services, Im positive they could assist with this.

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events