Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Isaac_Modikwe
Explorer

Migrating Checkpoint management station

Hi,

I have a project to migrate our current checkpoint from our service provider to in house. Our service provide has 77.10 running on the Gateway and 77.20 running on the manager.

Important info:

- our service provider has multiple client managed by one manager

How would we get the policies and object from the service provider and import it into our new management station which is running 77.20 as well.

0 Kudos
2 Replies
Danny
Champion Champion
Champion

Your service provider is probably using Check Point Multi Domain Security Management (MDSM) R77.20 (previously known as Provider-1).

Please request them to send you a ./migrate export of your management configuration. The migrate tool can be found in this directory of your service provider's MDSM:

/opt/CPmds-R77/customers/NAME_OF_CUSTOMER_DMS/CPsuite-R77/fw1/bin/upgrade_tools/

Also request a WebVis output of all your policies and objects including any global rules.

Import the provided export via $FWDIR/bin/upgrade_tools/migrate import on your local management station, adjust the GUI clients and management admin account via the GAiA WebUI, IP address, licenses and everything to be able to finally log in into your own local management stations.

Finally compare the configuration in your management station with the provided WebVis configuration, configure your own firewall gateway and adjust policy installation target, NAT rules etc. and install the security policy for testing your configuration.

0 Kudos
PhoneBoy
Admin
Admin

R77.20 and earlier releases are End of Support and should not be used for new deployments.

You should strongly consider using R80.10 for your on-premise management, or at the very least R77.30 (which is still supported).

If your provider has your gateways managed in a separate domain from other customers, they should be able to provide you output from a migrate export using the tool for the target version.

If your partner is using the same management domain for multiple customers (which is not best practice), then it becomes a lot more complicated to get only your data for your gateway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events