Migrating Database Between R80.20 Security Management Servers

This procedure lets you export the entire management database from one R80.20 Security Management Server and import it on another R80.20 Security Management Server.

Workflow:

Back up the current R80.20 Security Management Server
On the current R80.20 Security Management Server, export the entire management database
Install a new R80.20 Security Management Server
On the new R80.20 Security Management Server, import the database
Test the functionality
Disconnect the old Security Management Server from the network

Step 1 of 7: Back up the current R80.20 Security Management Server

See Back up your current configuration.

Step 2 of 7: On the current R80.20 Security Management Server, export the entire management database

Step	Description
1	Connect to the command line on the current R80.20 Security Management Server.
2	Log in to the Expert mode.
3	Go to the `$FWDIR/bin/upgrade_tools/` directory: `[Expert@MGMT:0]# cd $FWDIR/bin/upgrade_tools/`
4	Export the entire management database: If Endpoint Policy Management blade is disabled on this Security Management Server: `[Expert@MGMT:0]# yes \| nohup ./migrate export [-l \| -x] [-n] /<`Full Path`>/<`Name of Exported File`>` & If Endpoint Policy Management blade is enabled on this Security Management Server: `[Expert@MGMT:0]# yes \| nohup ./migrate export [-l \| -x] [-n] [--include-uepm-msi-files] /<`Full Path`>/<`Name of Exported File`>` & Notes: `yes \| nohup ... &` - are mandatory parts of the syntax. See the R80.20 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate.
5	If SmartEvent Software Blade is enabled, then export the Events database. See sk110173.
6	Calculate the MD5 for the exported database file: `[Expert@MGMT:0]# md5sum /<`Full Path`>/<`Name of Database File`>.tgz`
7	Transfer the exported database from the current Security Management Server to an external storage: `/<`Full Path`>/<`Name of Database File`>.tgz` Note - Make sure to transfer the file in the binary mode.

Step 3 of 7: Install a new R80.20 Security Management Server

Perform a clean install of the R80.20 Security Management Server on another computer.

Important:

The IP addresses of the source and target R80.20 Security Management Servers must be the same. If you need to have a different IP address on the R80.20 Security Management Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451.

Step 4 of 7: On the new R80.20 Security Management Server, import the database

Step	Description
1	Connect to the command line on the R80.20 Security Management Server.
2	Log in to the Expert mode.
3	Make sure a valid license is installed: `cplic print` If it is not already installed, then install a valid license now.
4	Transfer the exported database from an external storage to the R80.20 Security Management Server, to some directory. Note - Make sure to transfer the file in the binary mode.
5	Make sure the transferred file is not corrupted. Calculate the MD5 for the transferred file and compare it to the MD5 that you calculated on the original Security Management Server: `[Expert@MGMT:0]# md5sum /<`Full Path`>/<`Name of Database File`>.tgz`
6	Go to the `$FWDIR/bin/upgrade_tools/` directory: `[Expert@MGMT:0]# cd $FWDIR/bin/upgrade_tools/`
7	Import the management database: If Endpoint Policy Management blade is disabled on this Security Management Server: `[Expert@MGMT:0]# yes \| nohup ./migrate import [-l \| -x] [-n] /<`Full Path`>/<`Name of Exported File`>.tgz` & If Endpoint Policy Management blade is enabled on this Security Management Server: `[Expert@MGMT:0]# yes \| nohup ./migrate import [-l \| -x] [-n] [--include-uepm-msi-files] /<`Full Path`>/<`Name of Exported File`>.tgz` & Notes: `yes \| nohup ... &` - are mandatory parts of the syntax. See the R80.20 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate.
8	If SmartEvent Software Blade is enabled, then import the Events database. See sk110173.
9	Restart the Check Point services: `[Expert@MGMT:0]# cpstop` `[Expert@MGMT:0]# cpstart`

Step 5 of 7: Test the functionality

Step	Description
1	Connect with SmartConsole to the new R80.20 Security Management Server.
2	Make sure the management database and configuration were imported correctly.

Step 6 of 7: Disconnect the old Security Management Server from the network

Step 7 of 7: Connect the new Security Management Server to the network