Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ITBbag
Explorer
Jump to solution

How to migrate Gaia configuration & data to a fresh install?

I recently got into administrating our Checkpoint Gaia Firewall which currently is on version R81. I would like to upgrade it to R81.10, however I would like to do it in a fresh virtual machine, not via upgrade.

I tried to do 

migrate export FWconfig.tgz

and 

migrate import FWconfig.tgz

on the new VM, however it said it can't import anything that was created on a previous Gaia Version. Only same version.

I then found

save/load configuration <filename>

Which looks really good, but that "only" contains the configuration. I would like to have all my objects etc. too

Is there a way to export the configuration and also all the objects - basically everything - from Gaia to a newer Gaia Version?

0 Kudos
1 Solution

Accepted Solutions
ITBbag
Explorer

I did it with a combination of the answers here. First of all to get the DB, and the Objects and everything, I used:

 

mkdir -p /tmp/upgrade
$FWDIR/scripts/migrate_server export -v R81.10 /tmp/upgrade/GAIAConfig.tgz 

 

Note: you might need to verify first or/and skip upgrade tools check. Also the --ignore_warnings flag could be useful

 

$FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.10

 

after this everything is exported and can be copied to somewhere via scp or your other favorite tool.

to import it on the new FW I used:

 

$FWDIR/scripts/migrate_server import /tmp/import/GAIAConfig.tgz -skip_upgrade_tools_check

 

This was for all the objects etc.

For the configuration of the FW itself, after the initial setup, I used this:

To export:

 

save configuration Config.txt

 

Note: you might want to delete some lines in the exported config file before importing it again. check out what will be set by loading this file and delete everything you don't want

export this too via scp to somewhere and then import it on the new FW

To import:

 

set clienv on-failure continue
load configuration Config.txt
set clienv on-failure stop
save config

 

View solution in original post

12 Replies
PhoneBoy
Admin
Admin

You are using the legacy migration tools, which are only supported to migrate to/from same version.
These are the new tools to use: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

_Val_
Admin
Admin

To make sure, are you migrating SmartCenter Server or a Security Gateway?

0 Kudos
the_rock
Legend
Legend

If its ONLY firewall part, then simply do show configuration and copy over the config output to new machine. If its mgmt server, then yes, you can do migrate export, or migrate server starting R80.20.

0 Kudos
Vladimir
Champion
Champion

@the_rock , bad idea. Copy/paste config can play havoc with migrating Gaia config.

On source GW, save configuration <filename> should be executed.

On destination, you should use:

set clienv on-falure continue

load configuration <filename

when successfully completed (you may see iterating counter as lines are being processed), run

set clienv on-failure stop

then,

save config

 

0 Kudos
the_rock
Legend
Legend

With all due respect @Vladimir , I disagree. I had done it way I mentioned countless times and never ever had a single issue. Not saying your way is wrong though : - )

0 Kudos
Vladimir
Champion
Champion

There is an sk somewhere that describes the process, but I am speaking from experience of actually stepping on this rake myself a few times in the past.

In relatively simple configurations, copy/paste may very well work.

In a more complex ones, you'll be able to paste, but look out for errors processing some of the lines.

It seems that in version R81 (and presumably later), we may actually use "save configuration <filename>" and "load configuration <filename>" without changing clienv settings, but until few months ago, I was still moving large clients from R77.30 using described method.

the_rock
Legend
Legend

Thats fair...Im type of mentality "whatever works, as long as nothing breaks" brother : - )

0 Kudos
Vladimir
Champion
Champion

In my case (many years ago) it did though 🙂

I recall comparing resultant config to the original one and seeing chunks of it missing.

0 Kudos
Vladimir
Champion
Champion

sk102234 Backing up Gaia system level configuration :

To create the configuration file, use the following procedure:

  1. Log in to the command line on the Security Gateway or Security Management.
  2. Run the following command with the filename of your choice:
     HostName > save configuration <filename>

This will create a file with your current system level configuration in the home directory of the current user.
For example, if logged in as "admin", the file will be located in /home/admin.

To load the configuration, use the following procedure:

Run Gaia First time configuration Wizard first when loading the configuration to a Gaia fresh installed device.

  1. Copy the file into the home directory of the user you will log in as.
    For example, if you will log in as "admin", put the file in /home/admin.

  2. Log in to the Security Gateway or Security Management server.

  3. Run the following command using the name of the configuration file.
    A message will display showing the current progress and any errors that are encountered.
    Then save config to commit the changes:

    HostName > set clienv on-failure continue
    HostName > load configuration <filename>
    HostName > set clienv on-failure stop
    HostName > save config

_Val_
Admin
Admin

@Vladimir has a point, @the_rock 

There are certain things that are locked in a protected mode. When you declare on-failure status, those things can be safely overwritten with new data. Otherwise, as Vladimir mentioned, you may end up in an inconsistent state.

0 Kudos
cem82
Contributor

I'd check fwkern.conf as well and see if anything is still relevant / required.  Also if running any cron job scripts to copy those off too 🙂

0 Kudos
ITBbag
Explorer

I did it with a combination of the answers here. First of all to get the DB, and the Objects and everything, I used:

 

mkdir -p /tmp/upgrade
$FWDIR/scripts/migrate_server export -v R81.10 /tmp/upgrade/GAIAConfig.tgz 

 

Note: you might need to verify first or/and skip upgrade tools check. Also the --ignore_warnings flag could be useful

 

$FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.10

 

after this everything is exported and can be copied to somewhere via scp or your other favorite tool.

to import it on the new FW I used:

 

$FWDIR/scripts/migrate_server import /tmp/import/GAIAConfig.tgz -skip_upgrade_tools_check

 

This was for all the objects etc.

For the configuration of the FW itself, after the initial setup, I used this:

To export:

 

save configuration Config.txt

 

Note: you might want to delete some lines in the exported config file before importing it again. check out what will be set by loading this file and delete everything you don't want

export this too via scp to somewhere and then import it on the new FW

To import:

 

set clienv on-failure continue
load configuration Config.txt
set clienv on-failure stop
save config

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events