This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Stuart_Green
Collaborator
‎2019-02-01 02:40 PM

Importing from SMS into MDS

Hi,

We've got to move a database which was on a Smart-1 into an MDS environment.  All we have to work with is a migrate export output which is about a week old.  We can't get access to the Smart-1 or the database (don't ask).

Doing a cma_migrate as per Installation and Upgrade Guide R80.20 ends with a "Migration completed successfully" message but nothing is imported in to the MDS.  This happens every time the domain is created (I did it a few times just in case) and the migrate export is approx 1GB in size.

Does this mean that the migrate export isn't going to be able to be imported into the MDS and a manual recreation of the rulebase is required?

TIA

16 Replies
PhoneBoy
Admin
Admin
‎2019-02-01 03:39 PM

Assuming the SMS is on R80.x, importing this into an MDS is not currently supported.

It is a limitation we plan to address in the near future.

0 Kudos
Stuart_Green
Collaborator
‎2019-02-01 03:45 PM
In response to PhoneBoy

Thanks Dameon. It’s a bit of a significant limitation, though!

Any estimate on a fix? R80.30? Any suggested workarounds?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-01 03:48 PM
In response to Stuart_Green

Unfortunately, I don't have a timeline on direct support for this.

R&D is very aware this is a significant gap (especially since it was supported in R77.x) and are working to address it.

As far as workarounds, this is what you can do currently: Python tool for exporting/importing a policy package or parts of it

It does have some limitations, but it's better than a wholesale recreation of everything. 

Stuart_Green
Collaborator
‎2019-02-01 03:52 PM
In response to PhoneBoy

Got it, thanks. Use that a lot for import/export of Office 365 objects for HTTPS Inspection. It’ll save a fair bit of work!

0 Kudos
Eran_Habad
Employee
Employee
‎2019-02-07 12:32 AM

Hi Stuart Green‌,

My name is Eran and I'm the manager in Check Point R&D responsible for the core infrastructure of the Management server. Indeed in R80.x we're not yet supporting migration of a Security Management server into a Domain on a Multi Domain server. My team and I are working to complete this gap these days, and we target to reach EA few months from now. We would be happy to provide you an EA build on top of R80.20 as soon as we're ready so you could install and test it. You're also very welcome to provide your feedback and influence on the usability. Our plan is to integrate the code to an official version later this year.

This is a call for any customer who's waiting for the ability to migrate a Security Management server into a Domain on a Multi Domain server over R80.20 and above! You're welcome to reply to my comment and register, R&D will approach you in the next few of months to provide an EA build on top of R80.20.

migrate_SMS_to_MDS‌

Maarten_Sjouw
Champion
Champion
‎2019-02-07 04:12 AM
In response to Eran_Habad

Is R80.x domain to R80.x Domain, or even R80.x Domain to SMS part of this plan?

Regards, Maarten
0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-08 02:37 PM
In response to Maarten_Sjouw

I believe all of the variants of moving to/from SMS to CMA/Domain will be supported as part of this effort.

0 Kudos
Eran_Habad
Employee
Employee
‎2019-02-12 01:13 AM
In response to Maarten_Sjouw

Yes, we're working on that as well. You can see my answer here:

https://community.checkpoint.com/thread/11357-r8010-mds-r8010-mds-with-new-hostname-new-domain-names... 

Catalin_Ciubota
Explorer
‎2019-02-26 07:50 AM
In response to Eran_Habad

Hi Eran,

Currently I'm working on SMS 80.10 migration to MDS 80.10. Actually I have to migrate another SMS on 77.30 to the same MDS 80.10 but for me the 80.10 is more important. I was able to export successfully using the script, and now I'm waiting for the import script to finish and see the results. I'm doing that on a VM before doing the import on the new MDS. I will be very happy if I can get some support from R&D, so please let me know if I can participate somehow. I'm interested to know if very is a mandatory order in creating domains, importing policies. I'm trying to avoid wasting time reverting the process, if something will not be OK.

Thank you in advance for your feedback.

0 Kudos
Eran_Habad
Employee
Employee
‎2019-02-27 09:41 PM
In response to Catalin_Ciubota

Hi Catalin,

What script are you using?
The ability to export R80.10 SMS and to migrate it to R80.10 MDS is under development (the purpose of my post was to share status and invite customers for EA few months from now).

Thanks,

Eran

0 Kudos
Catalin_Ciubota
Explorer
‎2019-02-27 11:49 PM
In response to Eran_Habad

Hi Eran.

It's the one from GitHub https://github.com/CheckPointSW/ExportImportPolicyPackage

I manage to do it on 80.10 but some Identity rules are not correct because there was some errors on Users Access Roles and then some NAT rules.

On 77.30 most of the NAT rules were not correctly imported.

Let's say I have just started and I have to work more. Are you interested in feedback from that GitHub script? CheckPoint will use that as a start or will create another from scratch?

Thank you!

Kind regards,

Catalin

0 Kudos
Eran_Habad
Employee
Employee
‎2019-02-28 02:05 AM
In response to Catalin_Ciubota

Of course we're interested! You're more than welcome to comment in the github... Amiad Stern is the owner of Management API, he or someone from his team will address it.

Eran

0 Kudos
Benjarocks
Explorer
‎2020-06-05 10:38 PM
In response to Eran_Habad

Hi Eran,

I'm waiting for the ability to migrate a Security Management server into a Domain on a Multi Domain server over R80.20.

The comment is enough to register for the EABuild?

Thanks

Benjamim Sequeira

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-06 08:39 AM
In response to Benjarocks

This functionality is available in the most recent Jumbo Hotfix of R80.20.
0 Kudos
protonj
Explorer
‎2020-12-15 06:05 PM

Hi Dameon, Is this functionality available in R80.10 MDS? We need to migrate an R77.30 standalone cluster to R80.10 MDS environment?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-15 08:47 PM
In response to protonj

No, this is not supported in R80.10, which is nearing end of support.
You will need to upgrade to a later release which does support migrating an SMS into an MDS.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events