Re: Smart Event and Log Server Replacement

JayM1 · ‎2024-10-27

I am looking to migrate our old smart-1 log and event server with another replacement smart-1 physical appliance.

Id like to keep the existing IP details does anyone have a step by step process on best way to migrate the old appliance out?

the_rock · ‎2024-10-27

I dont know if there is an official guide per se for things like that, but what I always personally give to customers is this. We run something like this on existing server -> clish -c "show configuration" > /var/log/current_config.txt (you run this from expert and you can output it into any dir and give whatever file name, just keep txt extension).

Then, you get the file using winscp (make sure /bin/bash shell is enabled) , and it will have all the current config of the appliance, which you can copy over the new one, just make sure not to copy anything that might be different. (copy in clish mode)

I never had an issue doing it that way.

Hope that helps.

Andy

P.S. Now, IF this was say management server and you wanted to copy all the policies/objects over (import them I shall say), then you would follow below process.

https://support.checkpoint.com/results/sk/sk135172

JayM1 · ‎2024-10-27

Thanks Andy, will give this ago.

This is just a secondary log server to management server.

the_rock · ‎2024-10-27

K, then I would follow clish method I gave, would make most sense. I mean, you could technically do backup/restore as well, but that would restore exact same settings, so would work, as long as its same type of hardware, as interfaces would need to match.

Andy

JayM1 · ‎2024-12-12

Hi Andy,

The Smart-1 server was racked but no initial config applied as yet should I be able to console to it and login using default login admin/admin. Some reason not working. I was going to apply config using the console reverse SSH.

The server has a SmartEvent blade on it , does the database need to be migrated off using migrate export ?

the_rock · ‎2024-12-12

Migrate server would work, yes.

Andy

JayM1 · ‎2024-12-16

Sorry what impact does it have on endpoint clients if the smartevent server is down ?

the_rock · ‎2024-12-16

Im not an endpoint expert myself, but I believe if server is down, then endpoint clients obviously cant be managed by it or get any updates from it either.

Andy

JayM1 · ‎2024-12-16

The endpoints communicate with SMS server which is not being migrated only the dedicated SmartEvent and secondary log server. I assume its only the reporting that will be impacted but not clear if the threat feeds and policies to block new vulnerabilities will be missed during this time?

the_rock · ‎2024-12-16

Well, think of it this way...its sort of same if fw license expires, it wont stop working, just wont get new ips/urlf updates and so on. Same here, feeds and policies will continue to work, just wont be updates if communication is "missing".

Andy

JayM1 · ‎2024-12-16

Does the software version need to be exact to perform a migrate export , down to hotfix version ? Both are now on R81.20 but not sure about hotfix if both need to be on lastest jumbo fix before doing the migrate?

Tal_Paz-Fridman · ‎2024-12-16

Yes that's the recommendation:

When you use the Advanced Upgrade or the Migration and Upgrade method, before you import the management database on the R81.20 Servers, we strongly recommend to install the latest Recommended Take of the R81.20 Jumbo Hotfix Accumulator.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...

Also make sure to use the most up to date Upgrade Tools package:

https://support.checkpoint.com/results/sk/sk135172

JayM1 · ‎2024-12-17

Is that the hotfix recommended jumbo take 89 or accumulator take 92 ?
Does JHF also need to be applied to SMS and gateways as well or can I just install it on Smart-1 servers for now and apply JHF to others later?

Tal_Paz-Fridman · ‎2024-12-17

For migration flow it "only" has to be on the Source and Destination machines.

As a general rule it should be on all the machines in the environment.

Take 89 is the Recommended one. Take 92 is the Latest one.

https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/R81.20_Downloads.htm

the_rock · ‎2024-12-17

Yes, it is recommended, as @Tal_Paz-Fridman advised as well. Though, when it comes to migrate_server, you can certainly do it with different versions, as per sk below, sort of like with migrate export in the old days.

Andy

https://support.checkpoint.com/results/sk/sk135172

JayM1 · ‎2024-12-18

I am going to reset server to factory as it was built as checkpoint management server and not gateway so no option to reset SIC. Its a pain it cant be converted easily without a factory reset from Gaia.

the_rock · ‎2024-12-18

But hang on a second...IF all you are ding is migrating policies/objects, then use migrate server, but if you want to copy everything else, then backup/restore would not work if its different hardware. Now, what does work is if you copy bits and pieces from show configuration, as long as you MAKE SURE interfaces do match.

Andy

JayM1 · ‎2024-12-18

Migrating from 525 to 600-M server so backup/restore not an option. How can you check how original server was deployed as ? I assume its a gateway if SIC is available in cpconfig on old server? During the initial setup using wizard it can get confusing as you need to know the Deployment options and Installation Type is correctly selected. There is nothing on Gaia portal to confirm is there ?

the_rock · ‎2024-12-18

Are you allowed to do remote? Happy to have zoom and check this for you. If yes, just message me directly and I can send you the link. We use MS teams for corporate communication, but I have my own zoom with 40 minutes remote limit, but that should be more than enough.

Cheers,

Andy

AkosBakos · ‎2024-12-17

Hi @JayM1

This is a good question. But why should you keep the IP? Do you not have free IP in the subnet?

A

----------------
\m/_(>_<)_\m/

Are you a member of CheckMates?

Smart Event and Log Server Replacement