Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CPSOL-Tamura
Participant

Replace / Standalone Checkpoint quantum

I currently have planned replacing two standalone 4800s on R80.10.

I am looking to utilize almost same configuration and replace these gateways with two standalone 6700s on latest R81.10.
I want to check on the easiest way to accomplish this without not changing existed 4800s configuration.

I think this question is  commonly ask, but I could not find the "manual" about standalone appliance upgrade question without not change exist appliance configuration.

Are there any Check Point guides for something like this?

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

In general, the procedure for standalone configurations isn't any different than it is for distributed.
That means you follow the same practice as described in the guides.
If you're going to swap hardware, I recommend doing something like the following;

  • Perform a migrate export on the 4800s using the R80.40 migration tools.
  • Perform a 'show configuration' of the 4800 if you want to take the OS configuration (though it may require modification before importing onto the new appliance)
  • Fresh install the 6700 with R80.40 and perform a migrate import of the R80.10 configuration
  • Use an in-place upgrade to R81.10 (if that's your ultimate destination)
  • Execute a likely modified version of the "show configuration" output on the 6700

With that, you should end up with the same configuration on different hardware and a newer version.
Note that R80.10 cannot be upgraded past R80.40, thus why we have to do a two-step migration.

0 Kudos
CPSOL-Tamura
Participant

Thank you for the reply.


I found normal method on the following manual. but the manual is written that we must install R81.0 migration tool in 4800s on R80.10.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Installation_and_Upgrade_Guide/Top...

The 4800s are running the important role and policy, we must not change 4800s appliances include install other tool.

We want to set the 4800 configuration to the new 6800 and complete the setup by adding or changing the required items, like other vendors (cisco, Fortigate),  is it possible with checkpoint?

Is there another ideas? Or please tell me the guide to refer to.

0 Kudos
PhoneBoy
Admin
Admin

Like I said, you have to use R80.40, which is the latest version you can successfully upgrade R80.10 from.
Doing this to R81 directly is not supported.

If you can't even install the migration tools, which is fairly standard and won't disrupt anything about the existing configuration at all, then you're going to have a very difficult time migrating everything over.
It will require a maintenance window since it will perform a cpstop as part of the process.

0 Kudos