Migrating SM210 to Virtual SMS

Biju_Nair · ‎2017-10-03

Hi,

In the existing scenario, single SM210 is running on 77.30 managing two 13500 gateways in cluster. I am planning to move the SM210 to a VM management and later shutdown the SM210. Please advise if there would be a downtime in migrating 210 management to a VM management. I wish to load the VM SMS with 80.10.

So the plan would be to keep the same IP(of SM210) and hostname to the new VM SMS and using migrate export tool, to load the existing policies and objects from SM210 to the new VM that would be running on 80.10.

Would I need to re-establish the SIC. While pushing the policy again from teh new VM SMS to teh gateways, will it create any downtime.

While using the migrate export tool, what are the configuration that I would miss.(say for eg OPSEC etc...)

Regards,

Biju

Danny · ‎2017-10-03

As the IP address, hostname and everything stays the same, there shouldn't be any downtime on the gateway side. It also shouldn't be required to re-establish SIC. Just follow the official migration guides and videos, plan, test and prepare thoroughly. Plan to keep the downtime of your management itself as low as possible if you use certificate based VPNs. Use the R80 Upgrade Verification Service provided by Check Point. Finally, if you see your R77.30 gateways within the monitoring of your R80.10 management, install the migrated security policy within a maintenance window. Have fun.

PhoneBoy · ‎2017-10-03

Migrate export/migrate import is one of the suggested methods for upgrading to R80.10.

The only difference is you're changing hardware, which is something that is sometimes done as a result of this upgrade.

Migrate export should get all the relevant settings, except for those in Gaia OS.

It also should not cause any downtime for your existing gateways.