We have a 2200 appliance with R77.30 running on it. What is the best way to migrate to 3100 for R77.30?
It depends a bit on the outage time that you can afford for this network part. I assumed you have only one 2200 gateway, not a cluster. The general procedure looks like this:
Thank you for your comments. Your information has been helpful for me.
Is the following method I am thinking of wrong?
1. Migrate Gaia settings using Gaia Clish. - manual verification required, interfaces may change
2. Use the "migrate export" command to migrate Security Management settings. This includes all settings in SmartDashboard.
1. It is a very similar thing to what I suggested for steps 3 and 4, it is a good approach.
The reason why I didn't recommend it to you previously is because there might be some issues with the order of commands in these configuration files. For example, if you have some command like set interface eth1.80 ipv4-address... but you didn't have another command for adding this vlan interface before, it will stop importing the configuration. It will not just continue with some partial errors like in Cisco. At least that is what often happens with this method. So, you still need to manually check and amend this configuration file, that's why I suggested just to paste them manually in a correct order.
Discussion on this topic:
Is Show configuration output order is correct
2. migrate export is required only for the management server database. I think that you don't have a management server installed on the 2200, but there is some central bigger appliance or VM for that. Right? As I remember you cannot even install a management server on a 2200 appliance. All rules, objects, etc. will be installed from the management server to this new appliance.
Generally speaking, Check Point has two main software layers - OS (Gaia) and Check Point software (don't know how to properly name it). If you configure only the OS level, you will have something like a router (interfaces, routing, dns, ntp settings, etc.). This is everything that you can configure from the web interface, and this is what you can see in show configuration. And the Check Point software level is on top of that, adding firewall policies, IPS profiles, and many things for other blades, clustering and session synchronization. This comes with policy installation from a management server, this is what you see in Dashboard.
There is another similar thread about replacing appliances:
Hardware upgrade - 2200 to 4200
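The ordering problem described in the reply above can be checked before a saved configuration is imported. The following is an added example, not part of the original thread: it flags every set interface line for a VLAN interface that has no earlier add command. The command forms `add interface <parent> vlan <id>` and `set interface <parent>.<id> ...` are assumed Gaia Clish syntax, and the sample configuration is constructed.

```python
import re

# Assumed Gaia Clish forms: "add interface eth1 vlan 80" creates eth1.80,
# "set interface eth1.80 ..." configures it.
ADD_VLAN = re.compile(r"^add interface (\S+) vlan (\d+)\s*$")
SET_VLAN = re.compile(r"^set interface (\S+\.\d+)\s")


def find_order_problems(lines):
    """Return (line_no, vlan_iface, reason) for each 'set' that precedes its 'add'."""
    # First pass: remember where each VLAN interface is created, if at all.
    add_line = {}
    for no, raw in enumerate(lines, 1):
        m = ADD_VLAN.match(raw.strip())
        if m:
            add_line.setdefault(f"{m.group(1)}.{m.group(2)}", no)

    # Second pass: replay the file in order, as the import would.
    created, problems = set(), []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        m = ADD_VLAN.match(line)
        if m:
            created.add(f"{m.group(1)}.{m.group(2)}")
            continue
        m = SET_VLAN.match(line)
        if m and m.group(1) not in created:
            iface = m.group(1)
            if iface in add_line:
                reason = f"add command only appears on line {add_line[iface]}"
            else:
                reason = "no add command in file"
            problems.append((no, iface, reason))
    return problems


# Constructed sample, not taken from a real gateway.
SAMPLE = """\
set interface eth1 state on
set interface eth1.80 ipv4-address 10.0.80.1 mask-length 24
add interface eth1 vlan 80
set interface eth1.90 state on
""".splitlines()

if __name__ == "__main__":
    for no, iface, reason in find_order_problems(SAMPLE):
        print(f"line {no}: {iface}: {reason}")
```

An empty result means every VLAN interface is created before it is configured; it does not validate anything else in the file.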
Thanks for your reply. I apologize to you. I had to tell you about Stand-Alone.
Your information was good and kind.
For a StandAlone deployment, I would suggest the following steps:
You then should be ready to put your new hardware into production! To be able to connect to the internet during this process, a maintenance window is needed if both old and new appliances use the same public IP address.
Dear Günther W. Albrecht,
Thanks for your message.
Your information has helped me a lot. I will verify in this way.