Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Attiq786
Participant

Moving R77.30 Standalone Management Full HA to Smart-1 Cloud

Hi All,
 

We have 4200 appliances in Standalone Management Full HA and on R77.30. Gateways will be migrated to 3600 appliances but the management is being migrated to smart-1 Cloud. 

Reading up on Infinity portal and Smart-1 cloud guide, management must be on R80.10 or above to be able to move to Smart-1 Cloud. but could not find anything that will explain the same migration script will also work on Standalone Management Full HA as well.

I am planning to test this on new appliances by upgrading them to R80.30 and running the migrate script from Infinity Portal , but would like to know if anyone else has done the same migration from Standalone Management Full HA and will this be the right thing to do or is there an easier solution for this.

I have also contacted maas@checkpoint.com  for their advise. 

Regards

Attiq

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

You have a couple of different issues here:

  • Gateways are on R77.30 (Smart-1 Cloud requires gateways to be on R80.10+)
  • You’re using Full HA, which is a great use case for moving to Smart-1 Cloud, but I believe the migration assumes a separate management (not a standalone or full HA cluster).

It’s possible the migration scripts will handle this situation (what say you @Anat_Eytan-Davi ?), but I suspect you’ll need to separate from Full HA before migrating to Smart-1 Cloud.

While still on R77.30 may be the time to do this separation, actually.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
You can put the management server on a VM in the meantime and use eval licenses.
Upgrade everything to the desired version.
Then use the export script to bring your management into Smart-1 Cloud.

0 Kudos
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

In general migration to Smart-1 Cloud is supported from a Security Management Server and not from a Standalone, so it is important to separate them before the migrate.

In addition, Smart-1 Cloud is currently running on R81 for all new deployments, direct upgrade to R81 is supported only from R80.20 and above, therefore, you will need your management version to run R80.20 as a minimal version before migrating to Smart-1 Cloud.

0 Kudos
Attiq786
Participant

Thanks for the reply.

 

Here is what I have done until now.

Migrated the primary HA member (migrate export with R80.30 tools) to R80.30 on my VM.

Did another Migrate export on new R80.30 and followed the process in below article to separate the firewall. I have now the backup which should be able to migrate to a Management only R80.30. this seem to be easier rather than following a long process on R77.

Re: How to migrate from standalone configuration (... - Check Point CheckMates

 

I was building another R80.30 Management only instance in my lab to move this new Migrate export , but i had disk space issues in my lab which i am sorting now.

 

will update if the changeover worked and if the the script from infinity portal was successful.

do not think working with Primary member only will create any issues, rather than replicating the whole topology.

 

Thanks for your help @Anat_Eytan-Davi and @PhoneBoy 

0 Kudos
G_W_Albrecht
Legend
Legend

First step is made while still on R77.30, following:  sk44201: How to migrate Full HA environment to Distributed environment

Maybe you also will have to consult sk98831: "Execution finished with errors" message on migrate import / export command failure

After you have the SMS R77.30 in VM, you can upgrade using the standard procedures (CPUSE). The R77.30 Cluster config can be migrated using clish save configuration, see sk108902: Best Practices - Backup on Gaia OS.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Attiq786
Participant

Ok Moving to R80 first did not work. Had to separate the Management while in R77.30 as per sk44201.

the followed the usual upgrade path to R80.30 and then on to R81 on infinity portal. worked fine.

Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events