This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Libin_Thomas
Contributor
‎2017-09-24 10:08 AM
Jump to solution

Migrate standalone 4800 cluster to separate management server

hi Checkmates,

we have a customer running 4800 cluster (active /standby ) in standalone mode , now they have purchased separate management server .  we need to move the 4800 cluster standalone to distributed set up with minimum downtime.

Any suggestion, i have gone through some SK but not getting the proper steps to do it . if anyone can share the steps it will be very helpful.

thanks in advance

0 Kudos
1 Solution

Accepted Solutions
Danny
Champion Champion
Champion
‎2017-09-24 12:24 PM
Jump to solution

Maintaining a 4800 Appliance Cluster in Standalone Mode is called Full HA Mode. Therefore just follow the steps described in sk44201 in order to migrate your Full HA environment to Distributed environment.

I've done that several times. Works like a charm. For minimum downtime just leave one of the two 4800 Appliances running until your Distributed migration is completed with the other one of the 4800 Appliances and switch cables. This way you also have a fallback if something doesn't work as expected.

Related: sk66740

Alternative

If the 4800 Cluster is just a plain firewall I'd personally just export the policy, firewall and nat rules, objects and services via Confwiz (Release Notes, Admin Guide, Linux version) and import it back into the freshly installed management server. Of course the cluster object and global properties would need to be configured again manually but that almost all to it.

Then I'd reinstall and configure one of the two 4800 Appliances, establish SIC to the new management, install the security and bring it back into production before reinstalling the other 4800.

View solution in original post

0 Kudos
1 Reply
Danny
Champion Champion
Champion
‎2017-09-24 12:24 PM
Jump to solution

Maintaining a 4800 Appliance Cluster in Standalone Mode is called Full HA Mode. Therefore just follow the steps described in sk44201 in order to migrate your Full HA environment to Distributed environment.

I've done that several times. Works like a charm. For minimum downtime just leave one of the two 4800 Appliances running until your Distributed migration is completed with the other one of the 4800 Appliances and switch cables. This way you also have a fallback if something doesn't work as expected.

Related: sk66740

Alternative

If the 4800 Cluster is just a plain firewall I'd personally just export the policy, firewall and nat rules, objects and services via Confwiz (Release Notes, Admin Guide, Linux version) and import it back into the freshly installed management server. Of course the cluster object and global properties would need to be configured again manually but that almost all to it.

Then I'd reinstall and configure one of the two 4800 Appliances, establish SIC to the new management, install the security and bring it back into production before reinstalling the other 4800.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events