Print Download PDF Send Feedback

Previous

Next

Migrating Database Between R80.30 Security Management Servers

This procedure lets you export the entire management database from one R80.30 Security Management Server and import it on another R80.30 Security Management Server.

Workflow:

  1. Back up the current R80.30 Security Management Server
  2. On the current R80.30 Security Management Server, export the entire management database
  3. Install a new R80.30 Security Management Server
  4. On the new R80.30 Security Management Server, import the database
  5. Test the functionality
  6. Disconnect the old Security Management Server from the network

Step 1 of 7: Back up the current R80.30 Security Management Server

See Back up your current configuration.

Step 2 of 7: On the current R80.30 Security Management Server, export the entire management database

Step

Description

1

Connect to the command line on the current R80.30 Security Management Server.

2

Log in to the Expert mode.

5

Go to the $FWDIR/bin/upgrade_tools/ directory:

[Expert@MGMT:0]# cd $FWDIR/bin/Management Server Migration Tool/

6

Export the management database:

  • If Endpoint Policy Management blade is disabled on this Security Management Server and:
    • This Security Management Server is connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server export -v R80.30 [-l | -x] /<Full Path>/<Name of Exported File>.tgz

    • This Security Management Server is not connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server export -v R80.30 -skip_upgrade_tools_check [-l | -x] /<Full Path>/<Name of Exported File>.tgz

  • If Endpoint Policy Management blade is enabled on this Security Management Server and:
    • This Security Management Server is connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server export -v R80.30 [-l | -x] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File>.tgz

    • This Security Management Server is not connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server export -v R80.30 -skip_upgrade_tools_check [-l | -x] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File>.tgz

Syntax options:

  • -v R80.30 - Specifies the version, to which you plan to upgrade.
  • -skip_upgrade_tools_check - Does not try to connect to Check Point Cloud to check for a more recent version of the Management Server Migration Tool.
  • -l - Exports the Check Point logs without log indexes in the $FWDIR/log/ directory. Note - The command can export only closed logs (to which the information is not currently written).
  • -x - Exports the Check Point logs with their log indexes in the $FWDIR/log/ directory. Note - The command can export only closed logs (to which the information is not currently written).
  • --include-uepm-msi-files - Backs up the MSI files from the Endpoint Security Management Server during the export operation.

7

This step applies only to R7x and R80 versions.

If SmartEvent Software Blade is enabled, then export the Events database.

See sk110173.

8

Calculate the MD5 for the exported database files:

[Expert@MGMT:0]# md5sum /<Full Path>/<Name of Database File>.tgz

9

Transfer the exported databases from the current Security Management Server to an external storage:

/<Full Path>/<Name of Database File>.tgz

Note - Make sure to transfer the file in the binary mode.

Step 3 of 7: Install a new R80.30 Security Management Server

Step

Description

1

See the R80.30 Release Notes for requirements.

2

Perform a clean install of the R80.30 Security Management Server on another computer.

Important:

The IP addresses of the source and target R80.30 Security Management Servers must be the same. If you need to have a different IP address on the R80.30 Security Management Server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451.

Step 4 of 7: On the new R80.30 Security Management Server, import the database

Step

Description

1

Connect to the command line on the R80.30 Security Management Server.

2

Log in to the Expert mode.

3

Make sure a valid license is installed:

cplic print

If it is not already installed, then install a valid license now.

4

Transfer the exported databases from an external storage to the R80.30 Security Management Server, to some directory.

Note - Make sure to transfer the files in the binary mode.

5

Make sure the transferred files are not corrupted. Calculate the MD5 for the transferred files and compare them to the MD5 that you calculated on the original Security Management Server:

[Expert@MGMT:0]# md5sum /<Full Path>/<Name of Database File>.tgz

6

Go to the $FWDIR/scripts/ directory:

[Expert@MGMT:0]# cd $FWDIR/scripts/

7

Import the management database:

  • If Endpoint Policy Management blade is disabled on this Security Management Server and:
    • This Security Management Server is connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server import -v R80.30 [-l | -x] /<Full Path>/<Name of Exported File>.tgz

    • This Security Management Server is not connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server import -v R80.30 -skip_upgrade_tools_check [-l | -x] /<Full Path>/<Name of Exported File>.tgz

  • If Endpoint Policy Management blade is enabled on this Security Management Server and:
    • This Security Management Server is connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server import -v R80.30 [-l | -x] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File>.tgz

    • This Security Management Server is not connected to the Internet, run:

      [Expert@MGMT:0]# ./migrate_server import -v R80.30 -skip_upgrade_tools_check [-l | -x] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File>.tgz

Note - The migrate_server import command automatically restarts Check Point services (performs cpstop and cpstart).

Syntax options:

  • -v R80.30 - Specifies the version, to which you plan to upgrade.
  • -skip_upgrade_tools_check - Does not try to connect to Check Point Cloud to check for a more recent version of the Upgrade Tools.
  • -l - Imports the Check Point logs without log indexes in the $FWDIR/log/ directory.
  • -x - Imports the Check Point logs with their log indexes in the $FWDIR/log/ directory.
  • --include-uepm-msi-files - Restores the MSI files from the Endpoint Security Management Server during the import operation.

Step 5 of 7: Test the functionality

Step

Description

1

Connect with SmartConsole to the new R80.30 Security Management Server.

2

Make sure the management database and configuration were imported correctly.

Step 6 of 7: Disconnect the old Security Management Server from the network

Step 7 of 7: Connect the new Security Management Server to the network

15 March 2020
Was this helpful?
Incorrect information Not what I'm looking for Too much information Confusing information
© 2020 Check Point Software Technologies Ltd. All rights reserved.