NG R55 migration

benny · #1 (**permalink**) 2006-07-26

Hi Everyone

I am preparing to migrate my SmartCenter Management Station to a new hardware, IP Address and from win 2000 to 2003.

Could you look at the below step by step and let me know if there is anything i have missed. There are also a couple of questions in there.

.................................................. ..............................................
Migrating NG R55 SmartCenter to another hardware and IP address.

On current SmartCenter server

Add new SmartCenter Server to the firewall using the old smartcenter server

SmartDashboard

Manage > Network Objects > New… > Checkpoint… > gateway

Tick SVN foundation & Log Server & Secondary Management Station

Create a rule on the SmartCenter Server which allows Firewall-1 and CPD services from the above object to go to all gateways.

Does this include the following services:
CPD
CPD_Amon
FW1
And any other service that has FW1_* (As there are quite a few)

Push the rule to the managed gateways.

Run command

upgrade_export c:\Exportedconfig

copy exportedconfig.tgz to new SmartCenter Server

Run Setup on new SmartCenter Server
(Installing same components; SmartCenter Express & SmartConsole)

Run command

Upgrade_import c:\exportedconfig.tgz

reboot

Log into Checkpoint Web Site and generate the new certificates.

Import the new certificates. Where is the import utility for the new certificates.

Start and log in to the smartcenter console change the primary SmartCenter Object to the new IP Address.

Remove the secondary smartcenter management station created earlier.

Additional Queries…

Under… Policy > Global properties
Do I need to change the ‘Authenticate internal users with this suffix only:’

OU=users, O=SmartCenterSvr.domain.com.i3qdzi

Or does this get automatically changed.

chillyjim · #2 (**permalink**) 2006-07-26

Unless you are changing the system name and you want the SIC to match, you can make this a lot easier.

SIC communications happen as part of "Rule 0" by default (in global properties) so unless you changed it there you don't have to worry about the rulebase so:

1. upgrade_export current SC and copy the file to a TFTP server
2. build your w2k3 box (Think about using SPLAT instead)
3. Run through the install, it will ask about doing an "advanced upgrade" chose that.
4. It should ask about upgrading your licenses as part of the advanced upgrade, let it (the SC will need internet access and your UC login)
5. connect to the SC with SmartDashboard and change the IP address of the SC object
6. push policy.

That should take care of you.

benny · #3 (**permalink**) 2006-07-27

The new machine for smartConsole, will have a different name.

chillyjim · #4 (**permalink**) 2006-07-28

Host name won't matter as long as you can deal with the old name in the object. If not it involves using dbedit and/or editing the objects_5_0.c file by hand. There is an SK on this but I can't find it right now.

Also search the board this was recently discussed (changing the name)

benny · #5 (**permalink**) 2006-07-31

ok thanks. Just to check, HOw do i load the newly generated certificates into the new smartcenter svr?

benny · #6 (**permalink**) 2006-08-08

I tried to run through the steps of adding the second Management Station but this was greyed out so i couldnt go any further.

Any Ideas?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode