| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Hi,

I currently have an environment where there are two mgmnt servers (both R55) managing 2 clusters of Nokia IP boxes each, all running CP R55 as well. I am planning to migrate to a better solution where I will have a single mgmnt server managing all 4 Nokia clusters and then a mgmnt HA module. I plan to do it in the following way:

1: Do an upgrade_export from both mgmnt servers 1 and 2.
2: Get the .tgz files as output from these servers and install them on individual machines.
3: On one of the machines, do a cp_merge using the objects as well as policies from the second mgmnt server. This will enable me to have a single mgmnt server with all configs / objects / policies etc. from both mgmnt servers.
4: Reset SIC on all the Nokia enforcement modules as well as their objects on the single mgmnt server, and re-establish SIC for all of them.
5: Create the HA for the single mgmnt server I have just created.

Does anybody see any potential issues in the above plan of action? Appreciate your inputs.

Regards
| |||
I think this is the correct way. We did this last year for 7 management stations with 80 firewalls. We migrated to 4 CMAs on a Provider-1 management server. But you have to make sure that you don't have conflicting objects. So make sure you don't have any objects/groups/networks/services with the same name but with different IPs or ports. You also have to export the users separately, and you cannot export user groups; you have to add the groups manually and then import the users. I would recommend testing this all first in a lab environment.

Eduard
| |||
Yeah, that's correct... If you have similar objects in your different SmartCenters, I would suggest cleaning up all those objects, or making them exactly the same, char for char. cp_merge will copy objects from the "export" to the local machine you're doing it on. Same objects (name, char for char) will not be imported. Once that is done, you can import the policy. If there are missing objects, the policy import will fail.

From my painful experience, do note one thing: make sure you know your objects close to inside out. Since same-name objects are not imported, I give you one simple scenario to ponder:

on SCS1: test_group
- host1
- host2

on SCS2: test_group
- host1
- host2
- host3

Now you have these 2 "conflicting" objects... can you "control" which one is imported, or which should stay the same?
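A pre-merge audit for the conflict case raised in the two replies above, as an added example that is not part of the original thread and is not a Check Point tool. It assumes you have dumped each management server's objects into a simple `name,type,value` CSV of your own making (not a Check Point file format); `load` and `audit` are hypothetical helper names and all sample data is constructed.

```python
import csv, io
from collections import defaultdict

# Constructed sample inventories (name,type,value); an assumed format, not a Check Point file.
SCS1_CSV = """name,type,value
host1,host,10.1.1.1
host2,host,10.1.1.2
web_srv,host,10.1.1.10
tcp_app,service,tcp/8080
test_group,group,host1;host2
"""
SCS2_CSV = """name,type,value
host1,host,10.1.1.1
host2,host,10.1.1.2
host3,host,10.1.1.3
Web_Srv,host,10.1.1.10
tcp_app,service,tcp/8443
test_group,group,host1;host2;host3
"""

def load(text):
    """Return {name: (type, value)}; group members are compared order-insensitively."""
    objs = {}
    for row in csv.DictReader(io.StringIO(text)):
        value = row["value"].strip()
        if row["type"] == "group":
            value = frozenset(m.strip() for m in value.split(";") if m.strip())
        objs[row["name"].strip()] = (row["type"], value)
    return objs

def audit(target, incoming):
    """Classify each incoming object against the target server's objects."""
    report = defaultdict(list)
    lower_target = {n.lower(): n for n in target}
    for name, definition in sorted(incoming.items()):
        if name in target:
            # Same name: per the thread the object is skipped, so a differing
            # definition means the target's version silently stays in place.
            kind = "identical" if target[name] == definition else "conflict"
            report[kind].append(name)
        elif name.lower() in lower_target:
            # A char-for-char comparison treats these as two separate objects.
            report["case_only"].append((lower_target[name.lower()], name))
        else:
            report["new"].append(name)
    return dict(report)

if __name__ == "__main__":
    for kind, names in audit(load(SCS1_CSV), load(SCS2_CSV)).items():
        print(f"{kind}: {names}")
```

Every name listed under `conflict` has to be reconciled by hand on one side before the merge, since the thread notes that a same-name object is not imported.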
| |||
Hi,

First of all, thanks for the very useful inputs. I had a question though. What if I need to change the "IP address" as well as the "Host name" of the new management server that I am setting up in place of the two earlier management servers? In such a scenario, what changes would I have to make after the upgrade_export / import?

Thanks in advance.

Regards
| |||
- upgrade_import into new machine using SAME IP
- Log in to both SmartUpdate and SmartDashboard
- Unattach all licenses for the SCS
- Change Hostname/IP
- Change actual IP on machine

I would suggest to run this on a separate machine entirely... try everything out... make sure it all works, but doing on your actual production machine..