This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AkosBakos
Advisor
2 weeks ago

Tool for VS migtaion to simple cluster

Hi Community,

I'm just wondering is there any tool for VS migration to a simple cluster?

Or do I need to do it manually? Especially the VPN configuration (PSKs, etc) would be interesting.

Any tips and tricks would be appreciated 🙂

Thanks in advance,

Akos

0 Kudos
6 Replies
Bob_Zimmerman
Authority
Authority
2 weeks ago

The VPN config is stored on the management server. If the VS and the simple cluster are managed by the same management, there's no need to migrate any of that. Just add the new simple cluster to the VPN communities, and push the policy to it.

Same for rules.

Interfaces and routes can be a little complicated, but they mostly show up on the CLI of the VS. It's easy enough to copy all that and paste it into a different cluster. Only include the interfaces from the config which are actually used by the VS in question.

Cluster VIPs are in the cluster object, so you will need to add those in the management.

AkosBakos
Advisor
2 weeks ago
In response to Bob_Zimmerman

Hi Bob,

Thanks for the information. I hoped so, regarding the PSK-s etc. Thanks for the confim.

The rules etc. is clrear, this are stored on the MGMT.

BR

Akos

0 Kudos
PhoneBoy
Admin
Admin
2 weeks ago

Unfortunately this requires a certain amount of manual work has VS objects and regular gateway objects are different.
With R82 and VSNext, every VS will be a regular gateway object with a configuration you can access and change via the Gaia WebUI/clish.

It doesn’t solve the immediate problem, but once you upgrade and migrate to VSNext, the process of migrating a VS to/from a physical gateway becomes a lot more straightforward.

AkosBakos
Advisor
2 weeks ago
In response to PhoneBoy

Hi PhoneBoy,

The R82 is still far away, the problem needs inmediate solution as you mentioned.

During the migration we need to backup/snapshot of the entire VSX. (it has more than 3 VSs). The straightforward method is a snapshot. If we need to revert, in this case we need to revert the whole VSX gateway. I contains unnecessary risk from the other virtual systems point of view.

Is there any procedure to backup only an existing VS only for backup purposes? Only from one VS.

BR

Akos

0 Kudos
PhoneBoy
Admin
Admin
2 weeks ago
In response to AkosBakos

Neither the gateway or the management contain the complete configuration for a single VS independent of each other.
This is why a backup of both management and gateway is required for any VSX backups per the best practice documentation: https://support.checkpoint.com/results/sk/sk100395

Again, this gets much easier in R82 with VSNext.
Meanwhile, I'll defer to someone with more expertise to capture the relevant information for a specific VS.
It will not be a simple backup/restore.

0 Kudos
AkosBakos
Advisor
2 weeks ago
In response to PhoneBoy

Hi PhoneBoy,

Yes, I now the structure of the VSX environment, and the VSX GW ant the MGMT work in hand-in-hand. Lets's say, the larger part of the config is on the MGMT.

We have had a few migrations from simple cluster to VS, but the other way ( VS -> Simpla Cluster) a little bit unusual. Customers does not move this way usually.

We will build it in a LAB, and make almost all of the necessary steps for a successful migration on a demo.

R82 not an option at this moment. 

Br,

Akos

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events