Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
1 Solution
Accepted Solutions
You meant to mds_export and mds-import 
it is part of the upgrade guide Upgrading one Multi-Domain Server
This one : Upgrading one Multi-Domain Server with Advanced Upgrade
You can use cpuse to verify it 
To do the upgrade, I will recommend to collect backup on a remote site and to upgrade all at once.
In order to use pre_upgrade_verifier , I think that is should be done as follow: please check if this R80.20
extract the migrate_tool , chmod 777 * OR chmod +x pre_upgrade_verifier
source $MDS_CPDIR/tmp/.CPprofile.sh
source $MDS_SYSTEM/shared/bin_definitions.sh
TMOUT=0 ; export TMOUT
COLUMNS=256 ; export COLUMNS
#For MDMS (CMAs)
for CMA in $($MDSVERUTIL AllCMAs | sort ); do
mdsenv "$CMA"
mcd tmp
/home/admin/migrate_tool/pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
done
# for MDM (MDS)
mdsenv
mcd tmp
/home/admin/migrate_tool/pre_upgrade_verifier -p $FWDIR -c R77 -t R80.20
Nice idea to create script to check all CMAs 
Just want to mention that I dont want to upgrade MDS. I have one R77.30 MDS and I would like to move all R77.30 CMAs to the freshly installed R80.20 MDS.
I will try "mds_backup" on R77.30 and "mds_restore" on R80.20, but I am almost 100% sure it will fail because the version is not the same...
You meant to mds_export and mds-import
it is part of the upgrade guide Upgrading one Multi-Domain Server
This one : Upgrading one Multi-Domain Server with Advanced Upgrade
Exactly what I was looking for
I will check it and do accordingly.
Thank you very much !
In facf all the steps for R80.20 are provided in link mentioned by ofirsea040d26-f1f2-3b12-9fc6-5c89debaf56c:
Installation and Upgrade Guide R80.20
To sum it up:
- Transfer R80.20 ISO to the R77.30 MDS
- Mount R80.20 ISO
- Run "<MOUNT_POINT>/linux/p1_install/mds_setup" script
- Follow on-screen wizard to create report (what are errors or warnings) and/or export itself
- Transfer export from R77.30 MDS to the R80.20 MDS
- Run command "$MDSDIR/scripts/mds_import.sh /var/log/exported_mds.<DATE>.tgz" on R80.20 MDS
- Go for coffee (better lunch), as the import took around 3 hours in my case
The script "mds_setup" will check all created CMAs for possible errors and warning, including Global Policy.
Here is report from R80.20 mds_import.sh tool:
Summary of Upgrade operation:
=====================================================================
Import operation started at: Fri Sep 28 21:51:45 CEST 2018
Multi-Domain Server databases - Success
Import operation for Multi-Domain Server finished at: Fri Sep 28 22:16:04 CEST 2018
Domain Management Server cma_VPN database - Success
Import operation for cma_VPN finished at: Fri Sep 28 22:24:34 CEST 2018
Domain Management Server cma_test database - Success
Import operation for cma_test finished at: Fri Sep 28 22:33:16 CEST 2018
Domain Management Server cma_VSX database - Success
Import operation for cma_VSX finished at: Fri Sep 28 22:42:02 CEST 2018
Domain Management Server cma_imported database - Success
Import operation for cma_imported finished at: Fri Sep 28 23:57:47 CEST 2018=====================================================================
--------------------------------------------------------------------------------
Import operation ended successfully.
The Multi-Domain Server can be started now.
Please note that first startup takes considerably longer than subsequent starts.
--------------------------------------------------------------------------------
DONE.
Well, the migration from R77.30 MDS to R80.20 MDS went smoothly (relatively).
At the moment, I have problem that after migration I cannot login into R80.20 SmartConsole, because following error:
API is also not working, because:
[Expert@MDS_R8020:0]# api status
API Settings:
---------------------
Accessibility: Require ip 127.0.0.1
Automatic Start: EnabledProcesses:
Name State PID More Information
-------------------------------------------------
API Started 23177
CPM Started 6839 Check Point Security Management Server is running and ready
FWM Started 17075
APACHE Started 4964Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443
--------------------------------------------
Overall API Status: Started
--------------------------------------------API readiness test FAILED. The server is down and unable to receive connections!
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
Once I want to add new Administrator from "mdsconfig", it shows that "Authentication to Server 127.0.0.1 failed.".
It is worth to mention, that my R77.30 MDS has leading IP address 192.168.135.10, but my R80.20 has 192.168.135.99.
During migration process, I was asked to change IP:
Multi-Domain Server IP address is 192.168.135.10 while your machines IP is 192.168.135.99.
Would you like to change your Multi-Domain Server IP address to 192.168.135.99 [yes/no] ? yes
Not sure if this can be somehow related ... I can do fresh install on R80.20 and configure it to use the same IP as my R77.30 MDS.
Hi ofirsea040d26-f1f2-3b12-9fc6-5c89debaf56c,
The original issue with "Authentication to Server 127.0.0.1 failed." was solved by How to change the IP address of a Multi Domain Management Server .
It may be also related to the fact that I have MDS HA available and Primary MDS has IP 192.168.135.10 and Secondary MDS has IP 192.168.135.99. I did migration from 192.168.135.10 to .99, which might cause some troubles, because at the moment I have both MDSs with the same IP
Anyway, you helped a lot and I would like to thank you !
