 | ||
 Move R65 SmartCenter to New Server | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2008-04-24 | |||
| |||
 Move R65 SmartCenter to New Server I have been tasked with moving our SmartCenter server to a different machine - different name/ip address. Because I haven't done this before, I thought I would ask you all for opinions, links to look @, etc. We have a simple environment - 1 SmartCenter server, 1 R62 Firewall (running on a Nokia IP390), and a R62CM Connectra. Basically - I'm looking for steps to accomplish this. To be quite honest, I'm not sure where to begin. Thoughts/opinions/help?  |
| 2008-04-25 | |||
| |||
| Re: Move R65 SmartCenter to New Server I was asked to the same 2 weeks ago..... Before you do this answer some questions.... 1-Can you keep the IP-address of the old server- if yes , Excellent ;Otherwise you would have to update your licenses(depending on how your server/firewalls are licensed) 2-do you have to change the name of the server as well...if no Excellent, if yes...then be carefull as changing the name brings up issues with SIC and ICA. I had to give my new server a new name as the old one was doing other things and I could not bring it down. The new server was SPLAT, I gave the new server a new name; via 'sysconfig' . But I did not change the name of the object in the Smart Dashboard, this way I avoided resetting the SIC and ICA. Off course the the DNS query for the new server resolved to the new IP address, but this does not make a big difference. These are the steps that I took:- If you are giving a new IP to the new server then make a host object for the new server . add this to the checkpoint management rules , so that firewalls can take policy updates from the new server. Push the policy to the modules. 1) take the system backup of the smart center server ; use $FWDIR/bin/upgrade_tools/upgrade_export. store the archive in a secure place. This backup has everything that is there in the smartcenter (all licenses, objects, rules, ICA certificates etc...) My old SmartCenter server was a Red Hat Linux EL3 so the back up did not included network routes, you would have to see how the set up is at your end. 2) build the new server ; Mine was SPLAT. CHange the name of the new server (sysconfig); Install the Smartcenter software (sysconfig) . Make sure the HFA on this server is same as that on the old server, other wise the new server will not take the backup from the old server. 3) add routes to the new server. SO that it can talk to the firewalls. 4)apply the backup ; via $FWDIR/bin/upgrade_tools/upgrade_import Reboot the server . 5) login to smartdashboard to the new server.... (warning message about license will display).. push a policy to test if it is working .... 6) if everything fine, get new licenses. and apply them. 7) Change the IP address of the smartcenter server object in the policy to the new ipaddress. Push the policy ....if everything alright then you can plly the licesnses to the modules as well.... hope this helps ash |
| 2008-04-25 | |||
| |||
| Re: Move R65 SmartCenter to New Server If you change the hostname on the box you will need to perform a fwm sic_reset and then setp sic again with your firewalls. |
| 2008-04-28 | |||
| |||
| Re: Move R65 SmartCenter to New Server Sorry for the delayed reply. SmartCenter is running on W2k3 Server right now. It will be moved to the same OS. Both the IP AND the name have to change. The old IP was (is) outside of our current scheme & the machine is still performing other functions. Thanks for all the replies thus far! |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
