Hi All, Hoping that you are enjoying the Festive Season.
We have the following environment:
A cluster of 4 x Gateways (Open Servers) running Gaia R80.20
A Primary and a Secondary Security Management Server (Open Servers) running Gaia R80.20M1.
(We discovered that this is not a supported configuration as we should not use R80.20M1 management servers
to manage R80.20 gateways. However this configuration has been working OK for around a year).
We had an issue whereby we couldn't connect to the Primary SMS via Smart Console.
We opened a TAC case with Checkpoint but they made the issue worse by making a change to the Secondary so that it no longer Synchs with the Primary.
(I'm not exactly sure what they did, they made the change without asking me if I'd taken a Snapshot and unfortunately I hadn't).
So I'm now in a position where I've got:
A Primary R80.20M1 SMS (which I can't connect via Smart Console but can connect to with SSH) to with an out of date rulebase.
A Secondary R80.20M1 SMS which is working OK with an up to date rulebase.
I've built two completely NEW open servers and installed Gaia R80.20 on them. I've built one as Primary and one as a secondary
(with the same IP addresses as the existing SMS's).
I have tried taking a migrate export from the existing R80.20M1 Primary SMS (albeit with an out of date rulebase) and importing this onto the new server
which I built as an R80.20 Primary SMS. However this produces error messages which Checkpoint's R+D department are still investigating.
So anyway my question is, can I do the following? :
1) Upgrade the existing R80.20M1 Secondary server to R80.20M2.
2) Upgrade the new server which I've built as a Secondary SMS from R80.20 to R80.20M2.
3) Export the database from the old Secondary SMS to the new Secondary SMS.
4) Promote this new Secondary SMS to be the primary.
5) Install the other new server as an R80.20M2 SMS secondary and synch it to the new primary.
(I have put this idea to Checkpoint but they say they don't recommend it because R80.20M2 is apparently "unstable").
I would very much welcome any ideas. Perhaps you would recommend a completely different course of action but please let me know your opinion.
Many thanks in advance.
Bookmarks