SIC help moving from standalone Solaris to Solaris gateway and Windows Console

[garrettc]

I am migrating a standalone Solaris gateway/management machine to a distributed HA environment with 2 solaris gateways and 1 windows managment console.

I have managed to export/import the rules into the windows console ok.

I reinstalled a clean gateway and vpn express (that's the licences we have) on solaris.

I cannot push the policy to the gateway because of a SIC error. The communications button for the SIC on the gateway object is grayed out. And there is not SIC menu item in the cpconfig menu on the gateway.

How can I proceed to establish the SIC in this situation?

Any help is Much appreciated!
garrett

[kva.kva]

Did you use this guide for migrating? - https://secureknowledge.checkpoint.c...ion&id=sk25536

May be problem with it
"Important Note:
Do not import the configuration during the installation. It should be manually imported later.
If you import configuration during initial installation, you will need to repeat the installation from the beginning."

[tdvit]

and make sure you do a distributed install

[garrettc]

Q:

1) Where to you select to do a Distributed install? Or what does that mean exactly?

2) In the instruction you referred me to, it says to remove FireWall-1 from the SmartCenter object.... there is no such object as the rules were imported from the exported file. ??

Also, I learned that setting a SIC is not an option when you install Express gateway as it is when you install Pro gateway.

And, I cannot delete the gateway object (because it's primary) or edit it from the rules objects. Nor can I deselect certain functions from it.

Lastly, I will be doing this migration on a customer's machines. They have designated their fileserver to be the SmartCenter server. I cannot simply rename it to the original box name as the document suggests. Which brings up the question - is it good or bad practice to put the Management station on the fileserver? Or should it be on a completely, less vulnerable machine?

Thanks in advance for your help,
garrett

[garrettc]

One more thing - This will ultimately be a Cluster XL setup. It seems to me that Checkpoint Express is not meant for Cluster XL, as there are not the same options in the installs for Express and there are for Pro.

Is that true or am i missing something? The licensing people told us that XL will work on Express gateways.

thanks,
garrett

[kva.kva]

Quote:

Originally Posted by garrettc

2) In the instruction you referred me to, it says to remove FireWall-1 from the SmartCenter object.... there is no such object as the rules were imported from the exported file. ??

There is no SmartCenter object. It's very strange.
Describe by step what did you do?