JayM1
Participant

Smart Event and Log Server Replacement

I am looking to migrate our old Smart-1 log and event server to a replacement Smart-1 physical appliance.

I'd like to keep the existing IP details. Does anyone have a step-by-step process on the best way to migrate the old appliance out?

0 Kudos
19 Replies
the_rock
Legend

I don't know if there is an official guide per se for things like that, but what I always personally give to customers is this. We run something like this on the existing server -> clish -c "show configuration" > /var/log/current_config.txt (you run this from expert and you can output it into any dir and give whatever file name, just keep the txt extension).

Then, you get the file using WinSCP (make sure the /bin/bash shell is enabled), and it will have all the current config of the appliance, which you can copy over to the new one, just make sure not to copy anything that might be different. (copy in clish mode)

I never had an issue doing it that way.

Hope that helps.

Andy

P.S. Now, IF this was say management server and you wanted to copy all the policies/objects over (import them I shall say), then you would follow below process.

https://support.checkpoint.com/results/sk/sk135172

0 Kudos
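
Added example, not part of the original thread and not Check Point's own tooling: a shell sketch of the "don't copy anything that might be different" check from the reply above, splitting a saved show configuration export into lines that can be pasted on the new appliance and lines that name an interface it does not have. The sample export, the interface names and the function name filter_config are constructed for illustration, and the script assumes an interface name is the token that follows the word "interface" on a line.

```bash
#!/bin/bash
# Constructed sample of a saved "show configuration" export (not from the thread).
sample_config() {
cat <<'EOF'
set hostname oldlog01
set interface Mgmt state on
set interface Mgmt ipv4-address 192.0.2.10 mask-length 24
set interface eth1 state on
set interface eth1 ipv4-address 198.51.100.10 mask-length 24
set static-route default nexthop gateway address 192.0.2.1 on
set ntp active on
EOF
}

# filter_config MODE CONFIG_FILE IFACE...   (hypothetical helper)
#   MODE=paste  -> lines that name no interface missing from the new appliance
#   MODE=review -> lines that name an interface the new appliance does not have
# Assumption: an interface name is the token right after the word "interface".
filter_config() {
    mode=$1; cfg=$2; shift 2
    awk -v mode="$mode" -v have="$*" '
        BEGIN { n = split(have, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            missing = 0
            for (i = 1; i < NF; i++)
                if ($i == "interface" && !($(i + 1) in ok)) missing = 1
            if ((mode == "review") == missing) print
        }
    ' "$cfg"
}

# Demo: the new appliance is assumed to expose Mgmt and eth0 only.
tmp=$(mktemp)
sample_config > "$tmp"
echo "### safe to paste in clish on the new appliance"
filter_config paste "$tmp" Mgmt eth0
echo "### review by hand (interface not present on the new appliance)"
filter_config review "$tmp" Mgmt eth0
rm -f "$tmp"
```

On the new appliance the interface list can be taken from ls /sys/class/net in expert mode and passed as the trailing arguments.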
JayM1
Participant

Thanks Andy, will give this a go.

This is just a secondary log server to the management server.

0 Kudos
the_rock
Legend

K, then I would follow the clish method I gave, would make most sense. I mean, you could technically do backup/restore as well, but that would restore the exact same settings, so it would work, as long as it's the same type of hardware, as interfaces would need to match.

Andy

0 Kudos
JayM1
Participant

Hi Andy,

The Smart-1 server was racked but no initial config has been applied as yet. Should I be able to console to it and log in using the default login admin/admin? For some reason it is not working. I was going to apply the config using the console reverse SSH.

The server has a SmartEvent blade on it. Does the database need to be migrated off using migrate export?

0 Kudos
the_rock
Legend

Migrate server would work, yes.

Andy

0 Kudos
JayM1
Participant

Sorry, what impact does it have on endpoint clients if the SmartEvent server is down?

0 Kudos
the_rock
Legend

I'm not an endpoint expert myself, but I believe if the server is down, then endpoint clients obviously can't be managed by it or get any updates from it either.

Andy

0 Kudos
JayM1
Participant

The endpoints communicate with the SMS server, which is not being migrated, only the dedicated SmartEvent and secondary log server. I assume it's only the reporting that will be impacted, but it's not clear if the threat feeds and policies to block new vulnerabilities will be missed during this time?

0 Kudos
the_rock
Legend

Well, think of it this way... it's sort of the same as if the fw license expires: it won't stop working, it just won't get new ips/urlf updates and so on. Same here, feeds and policies will continue to work, there just won't be updates if communication is "missing".

Andy

0 Kudos
JayM1
Participant

Does the software version need to be exact to perform a migrate export, down to the hotfix version? Both are now on R81.20 but I'm not sure about the hotfix, whether both need to be on the latest jumbo fix before doing the migrate?

0 Kudos
Tal_Paz-Fridman
Employee

Yes that's the recommendation:

When you use the Advanced Upgrade or the Migration and Upgrade method, before you import the management database on the R81.20 Servers, we strongly recommend to install the latest Recommended Take of the R81.20 Jumbo Hotfix Accumulator.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...

Also make sure to use the most up to date Upgrade Tools package:

https://support.checkpoint.com/results/sk/sk135172

0 Kudos
JayM1
Participant

Is that the hotfix recommended jumbo take 89 or accumulator take 92?
Does the JHF also need to be applied to the SMS and gateways as well, or can I just install it on the Smart-1 servers for now and apply the JHF to the others later?

0 Kudos
Tal_Paz-Fridman
Employee

For migration flow it "only" has to be on the Source and Destination machines.

As a general rule it should be on all the machines in the environment.

Take 89 is the Recommended one. Take 92 is the Latest one.

https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/R81.20_Downloads.htm 

0 Kudos
the_rock
Legend

Yes, it is recommended, as @Tal_Paz-Fridman advised as well. Though, when it comes to migrate_server, you can certainly do it with different versions, as per sk below, sort of like with migrate export in the old days.

Andy

https://support.checkpoint.com/results/sk/sk135172

0 Kudos
JayM1
Participant

I am going to reset the server to factory as it was built as a Check Point management server and not a gateway, so there is no option to reset SIC. It's a pain it can't be converted easily without a factory reset from Gaia.

0 Kudos
the_rock
Legend

But hang on a second... IF all you are doing is migrating policies/objects, then use migrate server, but if you want to copy everything else, then backup/restore would not work if it's different hardware. Now, what does work is if you copy bits and pieces from show configuration, as long as you MAKE SURE interfaces do match.

Andy

0 Kudos
JayM1
Participant

Migrating from a 525 to a 600-M server, so backup/restore is not an option. How can you check how the original server was deployed? I assume it's a gateway if SIC is available in cpconfig on the old server? During the initial setup using the wizard it can get confusing, as you need to know the Deployment options and that the Installation Type is correctly selected. There is nothing on the Gaia portal to confirm, is there?

0 Kudos
the_rock
Legend

Are you allowed to do remote? Happy to have zoom and check this for you. If yes, just message me directly and I can send you the link. We use MS teams for corporate communication, but I have my own zoom with 40 minutes remote limit, but that should be more than enough.

Cheers,

Andy

0 Kudos
AkosBakos
Leader

Hi @JayM1 

This is a good question. But why should you keep the IP? Do you not have a free IP in the subnet?

A

----------------
\m/_(>_<)_\m/
0 Kudos
