Quote:
| Originally Posted by Sergej Always ask Checkpoint partner for 2-3 evaluation licenses before migration. Each parten can generate 30-days trial licecses in a single click.
Use trial licenses while you ae doing migrations. Stabilize you IP addreses and configuration an move/regenerate you real usercenter licenses.
It is looks like you want to move from RainWall dual-IPS sollution to SPLAT. If you have nyw hardware for enforcement point install SPLAT, configure IP addreses on the interfaces, initialize SIC, add new FW object to the SmartSenter (is IP addreses of the interfaces do not conflict with exising IPs). Istall existing rylebase on the new enforcement point. Reconfigure routes on surrounded routers (to point to a new FW, but not to old Cluster virtual IP)
Disconect old cluster. Wayt for a week, make sure ewerything is OK. Delete old Cluster and all assotiated objects. |
Hi. Thanks for your advice but I'm not using SPLAT at this moment. The main objective is to migrate the cluster stage-by-stage from old network configuration into a new with minimal service interruption. I have to break the cluster and bring out the secondary enforcement server from the existing cluster into the new network. I have to reconfigure the secondary firewall with new IP assignments and replace the existing 10/100 Quadcard with 1GB QuadCard. Once done, then I creates an initial policies for the standalone firewall. All the servers behind the old firewall cluster are move to the new firewall, one-by-one. Once all have move in, the old primary firewall will be reconfigured (similar to the secondary firewall) and join with secondary firewall into a new firewall cluster.
Below is my plan:
1. Firewall (2nd) breaks from existing firewall cluster.
2. Firewall (2nd) upgrade with a new 1GB QuadCard and assigns with new legal IPs. Internal IPs are remains the same.
3. Connect Firewall (2nd) to the new network, thus it becomes a primary firewall. This mean firewall (2nd) will be firewall (1st).
4. There will be a 1 to 2 weeks stabilization and migration period for servers from old to a new firewall in new network.
5. Once all servers are migrated to new firewall, the old firewall (1st) will be reconfigure with new QuadCard upgrade and IPs assignment, consequently joins with the new firewall (1st) as a firewall cluster. The old firewall (1st) become firewall (2nd).
6. Once complete, a stabilization period starts.
What's you opinion about my plan?