This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
IvonSerg
Explorer
‎2024-11-08 03:39 AM
Jump to solution

Change from Smart Console to local Gaia portal management

Hi and have a Good day to all!

We're using cluster of 2 QUANTUM 3800 SECURITY GATEWAY, and they are now connected to Smart console server, which is not accessible for us and cluster is managed by Smart console.

However we have physical access to this cluster in server room and we have access rights through the serial cable in expert\clish mode.

What we want: is to disconnect cluster from management of Smart Console, and manage it locally with Gaia portal (currently  web daemon-enable ON option is set), without resetting to defaults this cluster (to save licenses and a lot of tons of security rules for our infrastructure)

Is it possible? Maybe there is a way to export security rules from the whole cluster?

Thanks! Appreciate for any help!

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-11-15 05:27 AM
In response to IvonSerg
Jump to solution

It is possible, yes.
It will, however, require a complete reinstall of your cluster into a Full HA setup.
I'm fairly certain migrating distributed TO a Full HA setup won't be possible without having to resort to using an API-based solution like https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-... 
Migrating from a Full HA to a distributed environment will present its own challenges, since I'm not sure we have a supported method for doing so (this procedure only applies to R7x versions: https://support.checkpoint.com/results/sk/sk44201 )

In short, I would strongly advise against doing this.
I would consider looking at Smart-1 Cloud instead or maintaining your existing external management server.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2024-11-08 11:41 AM
Jump to solution

The only gateways that can have their security policy managed via a WebUI are Quantum Spark (SMB) appliances.
The 3800 appliances are regular Quantum gateways and must be managed through SmartConsole, which talks to a management server.
The management server can run on the gateway itself...is that the case in your environment?

0 Kudos
IvonSerg
Explorer
‎2024-11-15 01:03 AM
In response to PhoneBoy
Jump to solution

Hello! Appreciate for you fast response! Yes i think we're looking for solution like that (running management server on gateway itself), is it possible? If so, how?

 

Thanks!

0 Kudos
the_rock
Legend
Legend
‎2024-11-15 04:25 AM
In response to IvonSerg
Jump to solution

You are probably referring to standalone setup, meaning its gateway + management as one appliance, not distributed (separate).

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-15 05:27 AM
In response to IvonSerg
Jump to solution

It is possible, yes.
It will, however, require a complete reinstall of your cluster into a Full HA setup.
I'm fairly certain migrating distributed TO a Full HA setup won't be possible without having to resort to using an API-based solution like https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-... 
Migrating from a Full HA to a distributed environment will present its own challenges, since I'm not sure we have a supported method for doing so (this procedure only applies to R7x versions: https://support.checkpoint.com/results/sk/sk44201 )

In short, I would strongly advise against doing this.
I would consider looking at Smart-1 Cloud instead or maintaining your existing external management server.

the_rock
Legend
Legend
‎2024-11-08 12:14 PM
Jump to solution

I never heard of that being possible for regular Gaia appliances. Only SMB ones can be managed locally. Is there a way to do it? Maybe, some convoluted/unsupported way, but as far as officially supported one, I doubt it.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top