Starting from Take 117 of R80.20 Jumbo Hotfix Accumulator (PRJ-5250), you can export the entire management database from a Domain Management Server on an R80.20Multi-Domain Server and import it on an R80.20Security Management Server.
For the list of known limitations, see sk156072.
Prerequisites on the source Domain Management Server:
Instructions in SmartConsole:
No |
Name |
Source |
Destination |
Services & |
Action |
Track |
Install |
---|---|---|---|---|---|---|---|
1 |
Traffic from new Security Management Server to managed Gateways |
Host object with new IP address |
Applicable objects of managed Security Gateways and Clusters |
|
|
|
|
Notes:
These default policies are called:
Name of VSX Gateway or VSX Cluster Object<
>_VSX
Prerequisites on the target Security Management Server:
Workflow:
Step 1 of 9: On the source R80.20 Domain Management Server, export the database
Step |
Description |
---|---|
1 |
Run this API:
For API documentation, see the Check Point Management API Reference - search for migrate-export-domain. Example:
|
2 |
Calculate the MD5 of the export file:
|
Step 2 of 9: Transfer the export file to the target R80.20 Security Management Server
Step |
Description |
---|---|
1 |
Transfer the export file from the source Multi-Domain Server to the target Security Management Server, to some directory. Note - Make sure to transfer the file in the binary mode. |
2 |
Make sure the transferred file is not corrupted. Calculate the MD5 for the transferred file and compare it to the MD5 that you calculated on the source Multi-Domain Server:
|
Step 3 of 9: On the target Security Management Server, import the Domain Management Server database
Step |
Description |
---|---|
1 |
Connect to the command line. |
2 |
Log in to the Expert mode. |
3 |
In a plain-text editor, prepare the applicable syntax for your environment:
Where:
|
4 |
On the target Security Management Server, run the |
Step 4 of 9: Configure and assign the Administrators and GUI clients
Configure the Multi-Domain Server Administrators and GUI clients:
cpconfig
commandcpconfig
menuStep 5 of 9: Stop the source R80.20 Domain Management Server
Step |
Description |
---|---|
1 |
Connect to the command line on the source Multi-Domain Server. |
2 |
Stop the source Domain Management Server you migrated:
|
Step 6 of 9: Test the functionality on the target R80.20 Security Management Server
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the target Security Management Server. |
2 |
Make sure the management database and configuration were imported correctly. |
Step 7 of 9: Install policy on all managed Security Gateways and Clusters
Install the applicable policies on all managed Security Gateways and Clusters.
Step 8 of 9: Delete the source R80.20 Domain Management Server
Make sure you backed up the Multi-Domain Server. See Backing Up and Restoring.
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the source Multi-Domain Server to the MDS context. |
2 |
From the left navigation panel, click Multi Domain > Domains. |
3 |
Right-click the Domain Management Server object you migrated and select Delete. |
Step 9 of 9: Delete the special Access Control rule you added before migration
Important - This step applies only if the target Security Management Server has a different IP address than the source Domain Management Server.
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the Domain Management Server. |
2 |
In each Security Policy, delete the Access Control rule with the new Host object you added on the source Security Management Server before migration. |
3 |
Delete the Host object you added on the source Security Management Server before migration. |
4 |
Install the applicable policies on all managed Security Gateways and Clusters. |