ITBbag
Explorer

How to migrate Gaia configuration & data to a fresh install?

I recently got into administrating our Checkpoint Gaia Firewall which currently is on version R81. I would like to upgrade it to R81.10, however I would like to do it in a fresh virtual machine, not via upgrade.

I tried to do 

migrate export FWconfig.tgz

and 

migrate import FWconfig.tgz

on the new VM, however it said it can't import anything that was created on a previous Gaia Version. Only same version.

I then found

save/load configuration <filename>

Which looks really good, but that "only" contains the configuration. I would like to have all my objects etc. too

Is there a way to export the configuration and also all the objects - basically everything - from Gaia to a newer Gaia Version?

0 Kudos
10 Replies
PhoneBoy
Admin

You are using the legacy migration tools, which are only supported to migrate to/from same version.
These are the new tools to use: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
_Val_
Admin

To make sure, are you migrating SmartCenter Server or a Security Gateway?

0 Kudos
the_rock
Champion

If it's ONLY the firewall part, then simply do show configuration and copy over the config output to the new machine. If it's the mgmt server, then yes, you can do migrate export, or migrate server starting with R80.20.

0 Kudos
Vladimir
Champion

@the_rock, bad idea. Copy/paste config can play havoc with migrating Gaia config.

On source GW, save configuration <filename> should be executed.

On destination, you should use:

set clienv on-failure continue

load configuration <filename>

When successfully completed (you may see an iterating counter as lines are being processed), run

set clienv on-failure stop

then,

save config

 

0 Kudos
the_rock
Champion

With all due respect @Vladimir, I disagree. I had done it the way I mentioned countless times and never ever had a single issue. Not saying your way is wrong though : - )

0 Kudos
Vladimir
Champion

There is an sk somewhere that describes the process, but I am speaking from experience of actually stepping on this rake myself a few times in the past.

In relatively simple configurations, copy/paste may very well work.

In more complex ones, you'll be able to paste, but look out for errors processing some of the lines.

It seems that in version R81 (and presumably later), we may actually use "save configuration <filename>" and "load configuration <filename>" without changing clienv settings, but until a few months ago, I was still moving large clients from R77.30 using the described method.

the_rock
Champion

That's fair... I'm the type of mentality "whatever works, as long as nothing breaks" brother : - )

0 Kudos
Vladimir
Champion

In my case (many years ago) it did though 🙂

I recall comparing resultant config to the original one and seeing chunks of it missing.

0 Kudos
Vladimir
Champion

sk102234 Backing up Gaia system level configuration:

To create the configuration file, use the following procedure:

  1. Log in to the command line on the Security Gateway or Security Management.
  2. Run the following command with the filename of your choice:
     HostName > save configuration <filename>

This will create a file with your current system level configuration in the home directory of the current user.
For example, if logged in as "admin", the file will be located in /home/admin.

To load the configuration, use the following procedure:

Run Gaia First time configuration Wizard first when loading the configuration to a Gaia fresh installed device.

  1. Copy the file into the home directory of the user you will log in as.
    For example, if you will log in as "admin", put the file in /home/admin.

  2. Log in to the Security Gateway or Security Management server.

  3. Run the following command using the name of the configuration file.
    A message will display showing the current progress and any errors that are encountered.
    Then save config to commit the changes:

    HostName > set clienv on-failure continue
    HostName > load configuration <filename>
    HostName > set clienv on-failure stop
    HostName > save config

0 Kudos
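
A way to check for the dropped chunks mentioned earlier in the thread, as an added example that is not part of any post or of sk102234: a Python sketch that compares the file from `save configuration <filename>` on the source with one saved on the destination after the load. The sample contents and the function names are constructed for illustration.

```python
import sys
from collections import Counter
from pathlib import Path

# Constructed sample contents (not from the thread). Real input is the pair of
# files written by `save configuration <filename>` on source and destination.
SOURCE = """\
# constructed sample: source gateway
set hostname fw-old
set interface eth0 ipv4-address 192.0.2.1 mask-length 24
set interface eth1 state on
set interface eth1 ipv4-address 198.51.100.1 mask-length 24
set static-route default nexthop gateway address 192.0.2.254 on
set static-route 203.0.113.0/24 nexthop gateway address 198.51.100.2 on
"""
DEST = """\
# constructed sample: destination after load configuration
set hostname fw-new
set interface eth0   ipv4-address 192.0.2.1 mask-length 24
set interface eth1 state on
set static-route default nexthop gateway address 192.0.2.254 on
"""

def commands(text):
    """Return the set of commands, ignoring comments, blank lines and spacing."""
    lines = (" ".join(raw.split()) for raw in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}

def compare(source_text, dest_text):
    """Return (missing, extra): commands only in source, only in destination."""
    src, dst = commands(source_text), commands(dest_text)
    return sorted(src - dst), sorted(dst - src)

def missing_by_feature(missing):
    """Count missing commands per feature (first two words, e.g. 'set interface')."""
    return Counter(" ".join(cmd.split()[:2]) for cmd in missing)

if __name__ == "__main__":
    # Usage: <script> <source-file> <destination-file>; no arguments uses the samples.
    if len(sys.argv) == 3:
        SOURCE, DEST = (Path(p).read_text() for p in sys.argv[1:3])
    missing, extra = compare(SOURCE, DEST)
    for feature, count in sorted(missing_by_feature(missing).items()):
        print(f"{count} command(s) missing under '{feature}'")
    for cmd in missing:
        print("  -", cmd)
    for cmd in extra:
        print("  +", cmd)
```

Lines that are expected to differ between the two machines (the hostname in the sample) show up as one missing and one extra entry; anything listed only as missing was not applied on the destination.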
_Val_
Admin

@Vladimir has a point, @the_rock 

There are certain things that are locked in a protected mode. When you declare on-failure status, those things can be safely overwritten with new data. Otherwise, as Vladimir mentioned, you may end up in an inconsistent state.

0 Kudos