 | ||
 Migration from Nokia R62 to SPLAT R65 | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-08-14 | |||
| |||
 Migration from Nokia R62 to SPLAT R65 Hello all, I am new to this forum. Good forum. I am planning to milgrate from a pair of Nokia IP530 running NGX R62 to a pair of SPLAT IBM appliance running NGX R65. What is the best way to perform the milgration? Thanks in advance. ultraming  |
| 2007-08-14 | |||
| |||
| Re: Milgration from Nokia R62 to SPLAT R65 Where is the SmartCenter? If it's not on the firewalls, it'll go easy. Upgrade the SmartCenter first. Build up each gateway complete with interface and routing configuration. Swap them out physically. You probably won't be able to establish SIC until you clear the ARP tables on the devices the old gateway was connected to, or just wait awhile. Establish SIC, push policy and away you go. Ray |
| 2007-08-16 | |||
| |||
| Re: Milgration from Nokia R62 to SPLAT R65 If already done the SMARTCenter then as Ray says, you just need to build two SPLAT boxes with interfaces and routing. The thing that you will need to do is change the platform to be SPLAT, and enable ClusterXL on the general properties page of the Cluster Object. This is important as SPLAT does not have any built in HA, like VRRP on the Nokia and requires ClusterXL to provide the functionality. I think that the topology should survive, so you shouldn't need to worry about that. |
| 2007-08-16 | |||
| |||
| Re: Milgration from Nokia R62 to SPLAT R65 the topology will survive BUT you may have to rename the interface. For example, in SPLAT, you will have eth0, eth1, eth2, etc... while in nokia, you will have something like eth-s1p1, eth-s1p2, etc... so you may have to change it. in Nokia, when you perform "cpstop;cpstart" on the enforcement module, NAT will work after. Not so on SPLAT in NGx R61 and R65. I have no idea why. |
| 2007-09-20 | |||
| |||
| Re: Migration from Nokia R62 to SPLAT R65 I did an upgrade export / upgrade import. The problem I am having right now is the clustering. When I do cphaprob state, I got Cluster Mode: Sync only (OPSEC), and the firewall state is Down. When I do cphaprob -a if, all of my interfaces show non-sync (non secured) Warning: Sync will not function since there aren't any sync (secured) interfaces. How can I correct this? Thanks. ultraming |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
