This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martijn
Advisor
Advisor
‎2023-12-04 07:17 AM

Replacing PTC hardware

Hi all,

Customer has a Private Threat Cloud appliance in te network on R81.10 and Smart-1 3050 hardware.

The Smart-1 3050 is end-of-support by the end of this year, so the customer got a new Private Threat Cloud on Smart-1 6000 hardware.

We would like to replace the hardware with minimal effort, so I have configured the new hardware with the same settings like hostname and IP as the current one.

Looking at sk149692 I can get the certificate from the current Smart-1 3050 appliance:

  1. /web/conf/server.crt
  2. /web/conf/server.key

And import it into the new Smart-1 6000 appliance after I installed the PTC. Using the ptc_cli config command.

Is that all I need? Do I need to run anything on the management server?

By importing the certificate and keeping the same hostname and IP, the management should not see anything is different. Also the gateways have the correct entries in their hostfile and the PTC certificate is stored on the gateways.

Is my assumption correct, or am I missing something? 

Regards,
Martijn


0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-12-04 01:42 PM

If PTC uses SIC then this will probably need to be re-established.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-12-05 12:50 AM

You have to use Management Dashboard to select new HW model for PTC and renew the SIC.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Martijn
Advisor
Advisor
‎2023-12-05 01:13 AM

Hi,

From R80.20 PTC, there is no object for the PTC appliance in SmartConsole. And I never established a SIC (with a password) between PTC and appliances or management.

The only thing you do on a PTC appliance is installing R81.10 management and install the PTC software.

On the management server you use the PTC management add-on script to configure gateways to use the PTC instead of the public update servers. The management add-on script shows a current certificate from the PTC. Because I import the current certificate, this should not be a problem.The only thing the management add-on script does is configuring the hostfile and installing the PTC certificate on the gateways.

So the steps sound very simple and straight forward. Just want to make sure I do not miss something here.

In worst case scenario, I need to re-configure all gateways to use the 'new' PTC and that is not something I am looking forward to.

Martijn




0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-12-05 05:01 AM
In response to Martijn

I never installed a Management Blade on my TX1000 and had it managed as a PTC by my SMS. You do one policy install at least once on it...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events