Consolidation of Smartcenter

[gt123]

Hello,

I have my Smartcenter on a Windows platform with NGX R60. It holds the policy for 2 firewalls. I have another Smartcenter also on a Windows platform but on R55 and it looks after 1 firewall.
I would like to consolidate the Smartcenter servers to the NGX R60 one. Is there any tool to use to take the objects and policies out of the R55 server and merge them to the NGX R60 Server ? Or would I have to manually create new objects and rules ?

Thank you.

[chillyjim]

cpmerge can do it, but I would use object filler/dummper (Available on cpug), which can dump everything to a CSV, so you can edit it.

[mcnallym]

Note if you use the cp_merge then you would need to upgrade the second manager to R60 first.

[gt123]

Thanks guys, from the sounds of it, would my best path would be to create the objects and rules from scratch ?

[mcnallym]

It really depends upon what you feel most comfortable doing. With only one gateway probably not that many users, objects etc, so may be just as easy to do manually.

[auroranl]

Best thing is the official tools from checkpoint. objectdumper/filler is not supported, and does not work with time based rules, NAT rules and more, read the manual carefully for the limitations!

I would update the smartcenter (or create a new one from a backup and upgrade that one, just keep track of any rulebase changes while you migrate so you can redo them afterwards).

then do a

• cp_merge export_policy -s localhost -n <policyname> -d /some/backup/dir
  cp /var/opt/CPsuite-R60/fw1/conf/objects_5_0.C /some/backup/dir

(for SPLAT, change directories for windows to your setup)

copy the policy file and the object file to a dir on the new smartcenter

then do a

• cp_merge merge_objects -s localhost -u <adminaccount> -p <password> -d /some/dir/with/objectfile
  cp_merge import_policy -s localhost -u <adminaccount> -p <password> -f /some/dir/with/<policyname>

If you have a user database, export and import before importing the policy file.

export:
fwm dbexport -v -f /some/dir/<user-database-name>
import:
fwm dbimport -v -f /some/dir/user-database

• cpstop, cpstart

If you get errors during import of the objectfile, analyse them carefully for duplicate names etc. Just edit them before exporting to make them unique.

[gt123]

Thanks for the input everyone.