This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Philip_Huss
Participant
‎2018-10-25 04:10 AM

VSX migration

Hi all,

This is my first post on this community which I like alot!

So to my issue, I'm going  to migrate a Check Point cluster (appliances) to a VSX enviroment.
It's running on R80.10 the managment and on the gateways.
I guess the biggest challange will be the VPN tunnels (also it has to 3rd party VPN).

So my question now do you guys have any experience with this kind of migration, how I can prepare in the best possible way? Also I want the best way to possible solution for less impact.

Thanks in advance!


Best Regards
Philip

0 Kudos
3 Replies
Maarten_Sjouw
Champion
Champion
‎2018-10-25 05:02 AM

Is the cluster currently managed by the same management as the VSX cluster?

Will there be a 1 on 1 Cluster to VS migration? So all interfaces and VIP's will be reused on the VS?

If so that simplifies things, there are number of ways to do things, what I would do in that case:

  1. make sure the vlan's used on the physical cluster members are not allowed on the ports to the VSX cluster.
  2. add a new VS that takes over a part of the cluster and give it the correct interfaces and IP's
  3. add the VS to the VPN community in the same place as where the old cluster was, in a star the center gateway

At the moment of migration

  1. just disable the switch ports of the old cluster and allow the VLAN's to the new VS
  2. in the VPN community remove the old cluster from the gateways list - the PSK will remain and when your external IP is still the same (moved from cluster to VS) the VPN should restore on the VS.
  3. push Policy

Hope this gives you an idea on how to proceed.

Regards, Maarten
0 Kudos
Philip_Huss
Participant
‎2018-10-25 06:58 AM
In response to Maarten_Sjouw

Is the cluster currently managed by the same management as the VSX cluster?

The VSX cluster I haven't not configured yet, but yes it will be on the same managment.

Will there be a 1 on 1 Cluster to VS migration? So all interfaces and VIP's will be reused on the VS?

The cluster will be migrated to 2 VS, one for VPN tunnels and the other one for all other.
The external VIP IP will be the same for the VPN VS.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-10-25 07:50 AM
In response to Philip_Huss

The only problem will then be to split functionality and IP's in the migration windows.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events