Lavanya_Kumar
Explorer

Hardware upgrade - 2200 to 4200

Hello,

Is there any SK or best practice for upgrading Check Point hardware from 2200 to 4200? We are on R80.10 on both gateways and the Mgmt server, so I installed R80.10 on the 4200 gateway. Is it necessary to have the same hotfix on the new one, or is just the version good?

Below is what I planned:

  1. Backup the config on 2200 device (5 interfaces)
  2. Import the config to the 4200 gateway (3 interfaces - hope this does not matter unless we have more than 3 interfaces in use)
  3. Reset the SIC on the management server for the existing gateway object and change it to 4000 appliance from the dropdown in SmartConsole.
  4. Initiate SIC from the new gateway
  5. Install policy.

I thought about creating a new object, which I guess is easier, and deleting the old object after getting the new one up, but I don't want to do it unless it's the only way. Let me know if there is any other way or if I am missing something.

Would be great if someone can answer this question.

Thanks!

0 Kudos
1 Reply
KennyManrique
Advisor

Hi Lavanya,


I understand you have two gateways (2200 and 4200) and a separate Security Management.

You are trying to replace the 2200 with the 4200? If this is the case, you can follow these steps:

  • Save a copy of the clish configuration on the 2200 Appliance with the "save configuration" command on the CLI (copying from "show configuration" also works)
  • Since the 2200 Appliance has 6 physical interfaces and the 4200 has 4 (without extra module), you will have to adapt the configuration in case the 2200 is using more than 4 interfaces (use VLANs instead for the 4200)
  • Perform a clean install as Gateway Only for the 4200 Appliance and save the SIC password
  • Once the configuration has been adapted (if it was necessary), you can paste it directly into the 4200 Appliance CLI or manually configure each parameter through the Gaia Portal
  • On the 2200 object in Security Management, perform a SIC reset. You can follow the security management steps in sk65764: How to reset SIC
  • Change the appliance from 2200 to 4200 in the drop-down list of the object
  • Verify your topology settings are correct
  • Install policy


Take into account that when you reset SIC, some certificate-based technologies must be reestablished. Also, as a recommendation, install the latest GA JHF for R80.10.

You can also create a new object for the 4200 Appliance and establish SIC. This new object must have a different name than the 2200 Appliance. Since you have Security Management Server R80.XX, once it is created you can right-click on the 2200 object --> Where Used --> select the Replace option.

This would also work, but I think you have to manually replace the object in some sections of the policy that can't be replaced this way.

Regards.

0 Kudos
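
The interface-adaptation step in the reply above can be checked before anything is pasted into the new appliance. The following is an added example, not part of the thread or of any Check Point tooling: it reads a saved clish configuration and lists the ports that carry addresses on the old gateway but do not exist on the new one, so they can be moved to VLANs. The sample configuration is constructed, and the port names in `TARGET_PORTS` are an assumption to be replaced with the real appliance's interface names.

```python
import re
from collections import defaultdict

# Constructed sample of a clish "show configuration" dump (not taken from the thread).
SAMPLE_2200 = """\
set interface eth1 state on
set interface eth1 ipv4-address 203.0.113.2 mask-length 29
set interface eth2 state on
set interface eth2 ipv4-address 10.1.0.1 mask-length 24
set interface eth3 state off
set interface eth5 state on
set interface eth5 ipv4-address 10.5.0.1 mask-length 24
add interface eth2 vlan 20
set interface eth2.20 state on
set interface eth2.20 ipv4-address 10.20.0.1 mask-length 24
set static-route default nexthop gateway address 203.0.113.1 on
"""

# Assumed port names on the replacement appliance; confirm them on the real device.
TARGET_PORTS = {"eth1", "eth2", "eth3", "eth4"}

IFACE_RE = re.compile(r"^(?:set|add) interface (\S+) (.*)$")

def ports_in_use(config):
    """Map each enabled physical port to the addresses on it and on its VLANs."""
    addrs, off = defaultdict(list), set()
    for line in config.splitlines():
        m = IFACE_RE.match(line.strip())
        if not m:
            continue  # routes, DNS, users, etc. are not interface lines
        name, rest = m.groups()
        phys = name.split(".")[0]  # eth2.20 belongs to physical port eth2
        words = rest.split()
        if words[:2] == ["state", "off"] and name == phys:
            off.add(phys)
        elif words and words[0] == "ipv4-address" and len(words) >= 4:
            addrs[phys].append((name, f"{words[1]}/{words[3]}"))
    return {p: a for p, a in addrs.items() if p not in off}

def migration_gaps(config, target_ports):
    """Ports that carry addresses on the old box but are missing on the new one."""
    used = ports_in_use(config)
    return {p: a for p, a in sorted(used.items()) if p not in target_ports}

if __name__ == "__main__":
    for port, nets in migration_gaps(SAMPLE_2200, TARGET_PORTS).items():
        print(f"{port} has no match on the target; re-home as VLAN: {nets}")
```

Any port this reports also needs its topology entry reviewed on the gateway object before policy is installed, since the interface name will change.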