Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mahamat
Participant
Jump to solution

Replace 4200 in r80.20 with 6200 appliance to cible os r81.20

Hi,

I'm on a project to replace the 4200 appliance current version r80.20 with 6200 appliance target version r81.20.
I'd like to know: how can I export all the configuration and the policies from the 4200 in r80.20 to the target?
-Will I be able to ask checkpoint to supply us with the 6200 appliance in r80.40 version as it's compatible with our old 4200 r80.20?
-Import all the configuration on the 6200 in r80.40,
-Upgrade the 6200 r80.40 to r81.20

Thank you for your help.


Regards,

AM

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Authority
Authority

Lower versions need to stop off at R80.40 before upgrading to R81 or higher. Since the 4200 supports R80.40, you should upgrade to R80.40 there. Then you can export the config from R80.40 and import it to the 6200 on R81.20 more easily.

View solution in original post

(1)
9 Replies
PhoneBoy
Admin
Admin

R80.40 is almost End of Support and has not been loaded on appliances in some time.
In any case, you should be able to use the migration tools to migrate the configuration to the new server.
Note this applies to management only (where most of the configuration is).

See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid... 

OS configuration will have to be migrated manually, but this will get the Security Policy/Threat Prevention configuration.

Mahamat
Participant

Hi @PhoneBoy 

Thank you for your feedback.
I understand that version r80.40 is almost End of Support but the appliance is at end of life, so does not support beyond r80.40.
If we ever order the rempalcmeent 6200 appliance with a r81.20 version, will there be a possibility to downgrade or import the new 4200 r80.20 configuration on 6200 r81.20?
Thanks a lot!

0 Kudos
PhoneBoy
Admin
Admin

R80.40 is supported on the 6200, but it will require a fresh install.
We list the supported software versions for a given appliance here: https://www.checkpoint.com/support-services/support-life-cycle-policy/ 

0 Kudos
the_rock
Legend
Legend

Here are my suggestions.

1) Upgrade existing appliances to R81.20, then simply follow below link

https://community.checkpoint.com/t5/Security-Gateways/Replace-Upgrade-Cluster/m-p/157228#M27268

OR

option 2) Get config of current appliances, you can simply run from expert -> clish -c "show configuration" > /var/log/currentconfig.txt , then get that file and copy bits and pieces over to new firewalls. Now, this might be a bit tricky since interfaces will never match, so it may take some time.

Personally, this is just me, I would do option 1, but again, thats how I had always done it.

Best,

Andy

0 Kudos
Mahamat
Participant

hi @the_rock ,

 

Thank you for your feedback.
i couldn't use option 1, the equipment doesn't support las beyond version r80.40,

I won't have any other choice for the moment apart from option 2.

I would have liked to have the option of making a full backup and importing on the other equipment.
I'm still looking, maybe I'll find other solutions.
Thanks again.

the_rock
Legend
Legend

Understood! Then option 2 seems the way to go. 

Best,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

Lower versions need to stop off at R80.40 before upgrading to R81 or higher. Since the 4200 supports R80.40, you should upgrade to R80.40 there. Then you can export the config from R80.40 and import it to the 6200 on R81.20 more easily.

(1)
Mahamat
Participant

Hi,

 

Thank you @Bob_Zimmerman ,

We will choose this option

BR,

Adam

0 Kudos
the_rock
Legend
Legend

That also sounds most logical to me as well.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events