Move Checkpoint NG AI 1

[tester125]

Hi All,

I'm running Checkpoint NG AI on a windows 2K Server, I need to move the application along with the database onto another server. What would be the best way of doing this?

Would I just reinstall the software onto the other box? If so what database do I need to copy over. Also would there be a problem with the license file, the public ip will remain the same except the private ip will change.

Thanks all

 

[kuon]

You need to backup
$FWDIR/conf/objects_5_0.C (on SmartCenter Server)
$FWDIR/conf/*.W
$FWDIR/conf/rulebases.fws
$FWDIR/database/fwauth.NDB*
use utilites
upgrade_export
upgrade_import
You must install CP on new server, then use upgrade_export put backup files on the same catalog.
About licanse I dont know, but the ip must be the same as in license.

 

[tester125]

Hey Kuon, thanks for the info:

Question: When doing the upgrade_export, I presume I'm running this from the current Server?. The upgrade_import is done from the New Server that I'm implementing?
Also on the new server do I just copy the Files over that you indicated, or when I do the import does that automatically copy the files over.
Also all the utilities that you mention should be in the windows wrapper .tgz file?


Thanks again

 

[ChrisAC]

The upgrade files upgrade_export and upgrade_import will back up all the files that you need. You do not need to copy anything else.

The location of the utilites will be %FWDIR%\bin\upgrade_tools\

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[tester125]

Hey,

Thanks alot guys.

I will give this a go Monday evening and let you know how it went.

 

[tester125]

Guys,

Do I need to run both the upgrade_export and upgrade_import utility. Or just one, depending on which box i'm running it on?

Thanks again

 

[ChrisAC]

On your old firewall, run upgrade_export. This will create a database file. Move this file to your new firewall (with Firewall-1 installed).

On the new firewall, run upgrade_import and tell it the path to the database file. It will then import all the objects and rules etc, and after a reboot you should have a fully functioning firewall with all your objects and rules in place.

This even works if the platform has changed. For example, I exported a file from a Windows 2000 server and imported it to a SecurePlatform box. The upgrade_import tool will convert all the objects to match the platform.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[tester125]

Thanks for all the info guys.

I rescheduled this for tomorrow night, I will let you know how it went.

Thanks again

 

[tester125]

Also,

I was looking at the directory that Kuon mention. It does not have the export\import utility. Could I just download the utility from checkpoint website and run it?

 

[ChrisAC]

If you are running R54 or R55 it should be there (%FWDIR%\bin\upgrade_tools\).

If not then have a look at the Checkpoint download site.

Chris.



**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[tester125]

Hi Chris,

Got you now. One last question. Will it also import the license file? Or do I have to detach it and re-license it on the new server?

You guys been a great help.

Thanks again.

 

[ChrisAC]

Good point! I can't remember to be honest. You may have to put the licence in yourself after the export. It's best to have a copy of your licence details anyway.

Give it a go and then you can let us know ;-)

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[tester125]

Guys,

Did the move lastnight, ran into a few problems. I forget to share a few info. The destination server that I'm making the move to will have a different host name along with a different IP address. Of course when I did the import the Smart Update showed up with the Source Server name, also I ran into license issue. I could not log into the dashboard on the new server "Invalid license file".
I had to back out of the move.

I will read some more doc's. But if you guys have some more info in light of the new info. Please let me know.

Thanks again. Sorry I did not share all the info.