This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gm446
Contributor
‎2023-01-18 12:44 AM
Jump to solution

Replace a firewall

Hi ,

there is any step by step procedure o best practice to replace a gateway with a new model?

old gateway is 6600 with R80.40 and the plan is to replace it with 6900 with R80.40 / R81.10
the target is to preserve all the current states and configurations from the old firewall to the new firewall. the SMS is on other VM.
my plan is this procedure:

1. Backup old firewall and restore the backup on the new firewall.
2. Manually backup DHCP configuration file and IP Assignments file.
3. Upgrade new firewall to R81.10
4. Move the cables from the old firewall to the new firewall
5. Re-Establish SIC and edit gateway object propertie
6. Install Policy

what do you think about this plan? i missed any step?

Thank you in advance,

Yossi

 

0 Kudos
(1)
1 Solution

Accepted Solutions
the_rock
MVP Gold
MVP Gold
‎2023-01-18 05:38 AM
In response to gm446
Jump to solution

By the way, below link could be helpful to you, though its cluster related, but same method applies.

https://community.checkpoint.com/t5/Security-Gateways/Replace-Upgrade-Cluster/td-p/69216

Also, make sure to NOT backup/restore, as its different hardware. Do clish -c "show confirguration" /var/log/configfile.txt on current fw, make necessary changes to reflect interfaces/routes on new fw and then on the new fw, from clich, run load configuration /var/log/configfile.txt (just make sure its in /var/log dir or wherever you move it to).

Hope that helps.

Andy

View solution in original post

11 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-01-18 03:49 AM
Jump to solution

For the backup restoration you should also consider the JHF version to be safe, similar with the version upgrade don't just deploy it with the base image rather also apply the latest recommended JHF.

CCSM R77/R80/ELITE
the_rock
MVP Gold
MVP Gold
‎2023-01-18 03:54 AM
Jump to solution

Chris is right, consider latest recommended jumbo as well.

G_W_Albrecht
MVP Silver
MVP Silver
‎2023-01-18 04:28 AM
Jump to solution

Between step 1 and 2 you will have to perform FTW on appliance for basic config. Not sure if you need to remake SIC though...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
gm446
Contributor
‎2023-01-18 05:14 AM
In response to G_W_Albrecht
Jump to solution

Thank you very much for the insights. sure i forgot about the first time configuration wizard and the JHF version.

 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-01-18 05:38 AM
In response to gm446
Jump to solution

By the way, below link could be helpful to you, though its cluster related, but same method applies.

https://community.checkpoint.com/t5/Security-Gateways/Replace-Upgrade-Cluster/td-p/69216

Also, make sure to NOT backup/restore, as its different hardware. Do clish -c "show confirguration" /var/log/configfile.txt on current fw, make necessary changes to reflect interfaces/routes on new fw and then on the new fw, from clich, run load configuration /var/log/configfile.txt (just make sure its in /var/log dir or wherever you move it to).

Hope that helps.

Andy

G_W_Albrecht
MVP Silver
MVP Silver
‎2023-01-18 12:42 PM
In response to the_rock
Jump to solution

For the Also part:

As of https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

A Gaia backup, unlike a Gaia snapshot, can be restored on the same or a different appliance running the same Check Point Gaia OS version and hotfixes.

But:

  1. Do one of these:
    • Revert to a Gaia Snapshot - restores the Check Point version with all the setup details, including type (management/gateway) and installation of hotfixes.
    • Restore from a Gaia Backup - restores latest system configuration with all recent network and security configuration.
  2. Compare the output of Gaia Clish command "show configuration" to the saved configuration to verify that Gaia OS configuration was restored properly.

So you are partly right with a very good point indeed !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-01-18 07:20 AM
In response to gm446
Jump to solution

Let us know if any issues. I had done this few times successfully, so can definitely help you out if need be.

Good luck!!

0 Kudos
gm446
Contributor
‎2023-01-18 07:22 AM
In response to the_rock
Jump to solution

Thank you all very much for the help.

i will update on the results

Yossi

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-01-18 07:23 AM
In response to gm446
Jump to solution

Any time. Here comes my corny joke everyone is sick off..."For you, no charge, except iphone charge" ; - )

Andy

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-01-18 05:36 AM
In response to G_W_Albrecht
Jump to solution

SIC is needed there, for sure.

0 Kudos
gm446
Contributor
‎2023-02-16 01:54 AM
Jump to solution

thank you everybody,

the replacement was smooth and everything works as planned.

only issue was after the first install policy DHCP and Office Mode was not working, resolved with a reboot.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events