PDA

View Full Version : Migration from Distributed deployment to Standalone...



jackall
2013-04-17, 16:06
Hi all
I recently bump into an issue during a migration for one of my customers...
My customers wanted to upgrade from an distributed deployment NGX r65 cluster to an standalone GAIA r75.40 cluster .

Existing architecture:
SCS on a windows server
2Nokia IP appliance running NGX in a cluster.


Target architecture :
2 4407 appliances running r75.40

What I tried to do was to export Win SCS configuration , and , following a "complicated" upgrade path, import it back into the 4407.
Which work juste great... except for 2 things:

once the configuration is imported, on my new FW, the 'local firewall' object just disapear so I can't manage any rules as there is no recognized firewall anymore.
Last but not least, My 4407 think he is a management server, and I could not find a way to install du function to revert it back to firewall...

For the record, I had to do it in limited time so I just recreated all the rules using a script I wrote and dbedit...

But the question is still on my mind.

Was there a clean way to export configuration from a distributed deployement to a standalone deployement?

Thanks in advance.

++

Strider_99
2013-06-08, 01:06
Hi,

I recently did the same thing without upgrade so below is the procedure that worked for me. you will have to add upgradation steps before or after importing configuration files, i guess.

The Migration steps from distributed to standalone setup are as follows:

-- Take the upgrade export backup of management server.refer sk54100 in checkpoint website for the same
Its output is a .tgz file.

-- Take it out of the box and unzip it using winrar.

-- Open 'configuration' and 'configuration2' files.

-- Look for any instance of
:is_firewall_module (no)

and change it to
:is_firewall_module (yes)

-- Look for any instance of
:installed_products_registry_string ("FWManagement,Primary")

and change it to
:installed_products_registry_string ("FWManagement,FireWall,Primary")
Note: In FireWall word above, W must be Capital letter.

-- Compress all files into a TGZ file.

-- Try to import the configuration to new standalone machine using 'migrate import'.

After importing the backup

-- Close all GUI clients.

-- Open C:\Program Files (x86)\CheckPoint\SmartConsole\R71.30\PROGRAM\GUIDb Edit with admin privileges.

-- Go to Network Objects -> network_objects -> testdr

-- Ctrl+f -> firewall

-- Double click and change from “not-installed” to “installed”.

-- Ctrl+s

-- Open SmartDashboard.

-- Make sure both gateway and management tabs are available in the Checkpoint and Install policy.