Migrating an On-premises Security Management Server to Endpoint Security

With Endpoint Security, you can migrate from an on-premises Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. to a Endpoint Security cloud tenant in the Check Point Portal.

Use Case

You are using the on-premises Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. to manage Endpoint Security clients installed on the endpoints. You wish to use the Endpoint Security cloud service on the Check Point Portal for management.

Prerequisites

Before migrating an on‑premises Endpoint Security Management Server to Endpoint Security (EPMaaS), verify that the major versions of the EPMaaS service and the on‑premises Security Management Server are identical. Migration is supported only when the major versions match.

To find the Endpoint Security (EPMaaS) service version:

  1. Sign in to the Check Point Portal.

  2. Go to Service Management.

  3. Note the Endpoint Security service version.

To find the Security Management Server version:

  1. Connect to the Security Management Server using SSH.

  2. Run the following command:

    cpinfo -y all

  3. In the output, locate the Product Version (for example, R82.10, R82 and so on).

Notes:

  • Migration of Security Management Server from an environment with High Availability and Secondary server to Endpoint Security is not supported. For assistance, contact Check Point Support.

  • During the migration, the Endpoint Security Administrator Portal is temporarily locked and unavailable for use.

Known Limitationsc

See sk179713.

Migrating to Endpoint Security

To migrate an on-premises Security Management Server to Endpoint Security:

  1. Log in to Check Point Portal and access the Endpoint Security Administrator Portal.

  2. Go to Endpoint Settings > Migration Tool.

  3. Click Download.

    The system downloads the migration script.

  4. In the Endpoint Security Administrator Portal, copy the commands from the Migration Tool page Export Data.

  5. Transfer the downloaded migration script to a directory on the Security Management Server.

  6. On the Security Management Server, open the command line and run the commands you copied.

    The system generates encrypted_export.tgz file.

  7. Transfer the encrypted_export.tgz file to the local computer.

  8. In the Migration Tool page Import Data, click Browse and select the encrypted_export.tgz file.

  9. Click Upload & Start.

    Note - Check Point Portal supports the upload of files up to 5 GB. If the export file size exceeds 5 GB, contact Check Point Support.

    You receive a confirmation mail when the import is complete.

  10. Continue with the post-migration steps. For more information, see sk179687.

  11. Run the Reconnect tool on all the endpoints to reconnect to the Endpoint Security on the Check Point Portal. For more information, see Reconnect Tool.