Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bob_Delinsky
Contributor

Export CMA's from Multi-domain and import into a new SMS

I have a client that is moving away from a managed service provider that manages two of their gateway clusters (R77.30) via Multi Domain(Provider-1). The client wishes to build an internal SMS and manage the gateways themselves going forward. I am having trouble finding a Check Point SK for exporting CMA's from Multi-domain and importing into a single SMS sever, if this is even a supported path.  Looking for a supported option if there is one, or would the customer need to purchase an MDSM license and import the CMA's directly into that? Thank you.

11 Replies
Ofir_Shikolski
Employee
Employee

I will recommend Check Point PS :Professional Services | Check Point Software 

High level to "export" Domain (CMA) to SMS

1. Install secondary SMS - same fixes and etc..

2. Synchronize databases

3. Promote the SMS

0 Kudos
Maarten_Sjouw
Champion
Champion

Wow, that is a long time ago that I heard this one being a solution. 

Regards, Maarten
Bob_Delinsky
Contributor

I like the idea, however there is no connectivity between where the new SMS is being built (Azure) and the current MSSP. They will not provide connectivity directly as its a managed service, will only provide an export.  Layer 8 (political) partly in play here

0 Kudos
Maarten_Sjouw
Champion
Champion

Bob,

Talked about this with a colleague of mine, he said, ok so you just build a secondary SMS, next to the MDS, in your environment. you sync it all make the SMS the master and do the migrate export from there.

Regards, Maarten
0 Kudos
Bob_Delinsky
Contributor

Thanks for the suggestion Maarten. I have used the secondary SMS as a method to export and bring over the database from the MDSM in the past. In this case, the MSSP would only provide the export of the CSA, could not get a secondary SMS stood up.  What we ended up doing was taking the CSA export, build a new SMS VM in ESX, and was then able to Migrate Import the data after matching all add-ons (R77.30 + add on). The sticking point was the licensing and Re-IP of the SMS which others have mentioned in past posts and not being able to log in with Smart Conssole, but it is possible to remove all the MDSM related licenses, add an eval license locally, then Re-IP the SMS following  sk40993, then applying a new permanent SMS license. Then reset SIC on the gateways, install policy and good to go.

0 Kudos
Maarten_Sjouw
Champion
Champion

Bob,

You should have built a MDSM in ESX and and SMS next to it, the MDSM to import the |CMA and the Secondary SMS to move the CMA to a SMS.

There are a lot of problems, these can happen lets say 2 weeks after running all ok and then all the sudden it breaks.

So please do rethink your way forward.

Regards, Maarten.

Regards, Maarten
Soeren_Rothe
Collaborator

Maarten Sjouw

Maarten,

in the Check Point KB it is mentioned, that a migration from MDSM to SMS is officially not supported (sk33067). 

Can you please tell me, if you tried this also on R80.10 / R80.20 ? 

Thanks

Sören

0 Kudos
Maarten_Sjouw
Champion
Champion

We did not have a need for this yet. But as you might have seen there is work ongoing at Check Point development in regarding the export and import tools for these possible directions:

  1. SMS to DMS
  2. DMS to SMS
  3. DMS to DMS
  4. SMS to SMS

That should cover all possibilities. See Eran Habad's answer in this thread

Regards, Maarten
0 Kudos
peter_schumache
Collaborator

I've written a complete step-by-step guide on how to migrate a Provider-1 cma to a single SMS. Although it is several years old and based on R75.40VS, most of it ist still valid for R77.30.

You can get it here

0 Kudos
Soeren_Rothe
Collaborator

Hi Peter, 

thank you very much, but it doesn't work for R80.xx 

Regards,

Sören

0 Kudos
genisis__
Leader Leader
Leader

Has anyone actually managed to do this using the SK's?
I've tried and I'm getting errors when attempting to import, however I can't see any logs produced to give me a clue where to look.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events