CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Installing And Upgrading
Splitting management from enforcement Splitting management from enforcement
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-03-24
Junior Member
  
Join Date: 2006-03-24
Posts: 16
Rep Power: 0
Trevor Rowley has an average reputation (10+)
Default Splitting management from enforcement
I have a single SPLAT box running VPN1 and Smartcentre. I would like to move the Smartcentre installation to a seperate box and end up with a distributed installation.

I've run the export but end up back where I started. Can anyone tell me the steps I should be following?
Reply With Quote
  #2 (permalink)  
Old 2006-03-24
Senior Member
  
Join Date: 2005-08-22
Location: Ottawa, Canada
Posts: 347
Rep Power: 4
Lackie has an average reputation (10+)
Default Re: Splitting management from enforcement
As you have already done the export. Install CP on the new management station appliance that you want to build and do an import. I believe it has to be the same IP addresses and hostname for the time being.

Once you know that you have connectivity to the dashboard, reinstall Check Point on the enforcement module.

If the enforcement module needs to keep the same IP addresses then you will have to change the IP address and hostname of the management station.

I don't know of any prettier way to do this. Someone else may have another solution.
Reply With Quote
  #3 (permalink)  
Old 2006-03-28
Junior Member
  
Join Date: 2005-08-19
Posts: 14
Rep Power: 0
Claer has an average reputation (10+)
Default Re: Splitting management from enforcement
As you, I tryed to separate the management from the filtering module using upgrade_export tool. It was a dead end. If you restore files from this backup, the script restores the firewall the way it was. That is to say, a standalone installation with SmartCenter and firewall module on the same host.

The best way I found was using cp_merge utility.
Export objects and rules using this tool,
install your SmartCenter from scratch,
import policy and objects,
check results by connecting to the SmarCenter.

At this stage, I see 2 solutions. Or reinstall the module and create SIC properly from both points, or try to convert the standalone installation to module only by applying #sk26320.

As noted in this SK, "WARNING: Check Point recommends reinstalling the products properly."
Reply With Quote
  #4 (permalink)  
Old 2006-03-28
Senior Member
  
Join Date: 2005-11-21
Location: Europe, Lithuania
Posts: 291
Rep Power: 4
Sergej has an average reputation (10+)
Default Re: Splitting management from enforcement
What the problem is?

1. Upgrade export to the new hardware
2. Reconfigure IPs
3. Change HostName
4. Add a trial license for new IP
5. Run SmartDashborad
6. Unselect unneeded FW component
7. Fresh install you enforcement (old FW). Choose distributed install
8. Add new object, initialize SIC

Done.

P.S. It is better to do a backup before (the best is to hide one of the SCSI mirror disks to the safe place while server not running)
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 07:15.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0