Two SmartCenter sever consoldiation to one

[pgovindg]

Hi Forum guys,

We have two SmartCenter servers manges its own firewall's in diffrent locations and one standalone firewall smartcenter server on the same.

we wanted to accomplish following:

Two smartcenter servers manages diffrent FW's in diffrent locations & one standalone firewall which includes smartcenter.

1. How do I add polices & firewalls of smartcenter server 2 to smartcenter server 1?

2. How do I add standalone firewall to smartcenter server 1?

Please let me know the best method.

Thanks in advance

[chillyjim]

Personally I would start with a new box and move everything there. Barring that make sure you have good backup, that you can restore.

The tool you want to look at is cp_merge. There are other folks who have used this a lot more than I, but that's where to start...

-----

cp_merge -help
This is Check Point Database Merge tool NG Build NGX (R65) - Build 006.

Usage:
cp_merge merge_objects [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] -d <input directory> [-t]

cp_merge export_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] [-n <package name> | -l <policy name> [-f <output file>]] [-d <output directory>] [-r]

cp_merge import_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] [-n <package name>] [-d <input directory>] -f <input file> [-v]

cp_merge delete_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] -n <package name>

cp_merge list_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>]

cp_merge restore_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] [-n <package name>] [-d <input directory>] -f <input file> -v

cp_merge delimited_policy [-s <db server>] [-u <user> | -c <certificate_file>] [-p <password>] [-l <policyname>] [-f <file name>] [-a export | import_new | import_override | import_append ] [-k security | nat | all ]

Run cp_merge -help for detailed usage

-s <server> specify database server IP / name
-c <certificate file> path to certificate file
-u <user> database administrator user name
-p <password> user's password
-d <directory> specify working directory
-help print this summary

Objects Merge options:
-t test mode - does not save

Policy Export options:
-n <package name> policy package to export
-l <policy name> export policy package which <policy name> belongs to.
-r remove the original policy from the repository
-f <file name> specify output file name (default: <policy name>.pol)
(If both '-n' and '-l' are omitted all policies are exported)

Policy Import options:
-f <file name> specify input file name
-v override existing policy if found
-n <policy name> rename policy to <policy name> when importing

Policy Restore options:
-f <file name> specify input file name
-v override existing policy if found
-n <policy name> rename policy to <policy name> when importing
Note: Restore will work only when run locally on managment server.

Policy Delete options:
-n <policy name> policy to delete

Delimited Policy Import/Export options:
-a export export policy
import_new import a new policy
import_override imported policy will replace current
import_append imported policy's rules will be appended to current
-l <policy name> policy to export to/from
-f <file name> file to export to/from
-k security | nat | all types of policy to operate on
Note: security policy file is file_name.sec, NaT policy file is file_name.nat.

[Thorpuse]

Nother useful tool is Object Filler and Object Dumper Download Site . I've found cp_merge to be very unrelieable.

You can use the object filler/dumper to dump the objects and then import them back into the other system. This gives you better control over integration of objects and duplicates etc... It does mean you'll need to manually re-create rules, but as part of the consolidation you should be doing a review of the rulebases anyway.....

Good luck.

[pgovindg]

Thanks You friends, let me try out...