Migrating Database Between R80.40 Security Management Servers

This procedure lets you export the entire management database from one R80.40 Security Management Server and import it on another R80.40 Security Management Server.

Important - Before you migrate the database: Step Instructions 1 Back up your current configuration (see Backing Up and Restoring). 2 Examine the SmartConsole sessions: Connect with the SmartConsole to the Security Management Server. From the left navigation panel, click Manage & Settings > Sessions > View Sessions. You must publish or discard all sessions, for which the Changes column shows a number greater than zero. Right-click on such session and select Publish or Discard. 3 You must close all GUI clients (SmartConsole applications) connected to the source Security Management Server.

Procedure:

1. On the source R80.40 Security Management Server, export the entire management database

   Step	Instructions
   1	Connect to the command line on the current R80.40 Security Management Server.
   2	Log in to the Expert mode.
   3	Go to the $FWDIR/scripts/ directory: cd $FWDIR/scripts/
   4	Export the management database: If the "Endpoint Policy Management" blade is disabled on this Security Management Server And this Security Management Server is connected to the Internet, run: ./migrate_server export -v R80.40 [-l | -x] /<Full Path>/<Name of Exported File> And this Security Management Server is not connected to the Internet, run: ./migrate_server export -v R80.40 -skip_upgrade_tools_check [-l | -x] /<Full Path>/<Name of Exported File> If the "Endpoint Policy Management" blade is enabled on this Security Management Server This Security Management Server is connected to the Internet, run: ./migrate_server export -v R80.40 [-l | -x] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File> This Security Management Server is not connected to the Internet, run: ./migrate_server export -v R80.40 -skip_upgrade_tools_check [-l | -x] [--include-uepm-msi-files] /<Full Path>/<Name of Exported File> For details, see the R80.40 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate_server.
   5	Calculate the MD5 for the exported database files: md5sum /<Full Path>/<Name of Database File>.tgz
   6	Transfer the exported databases from the source Security Management Server to an external storage: /<Full Path>/<Name of Database File>.tgz Note - Make sure to transfer the file in the binary mode.

2. Install a new R80.40 Security Management Server

   Step	Instructions
   1	See the R80.40 Release Notes for requirements.
   2	Perform a clean install of the R80.40 Security Management Server on another computer. See Installing a Security Management Server.

   Important - The IP addresses of the source and target R80.40 servers must be the same. If it is necessary to have a different IP address on the R80.40 server, you can change it only after the upgrade procedure. Note that you have to issue licenses for the new IP address. For applicable procedures, see sk40993 and sk65451.

3. On the R80.40 Security Management Server, import the databases

   Step	Instructions
   1	Connect to the command line on the R80.40 Security Management Server.
   2	Log in to the Expert mode.
   3	Make sure a valid license is installed: cplic print If it is not already installed, then install a valid license now.
   4	Transfer the exported database from an external storage to the R80.40 Security Management Server, to some directory. Note - Make sure to transfer the file in the binary mode.
   5	Make sure the transferred files are not corrupted. Calculate the MD5 for the transferred files and compare them to the MD5 that you calculated on the source Security Management Server: md5sum /<Full Path>/<Name of Database File>.tgz
   6	Go to the $FWDIR/scripts/ directory: cd $FWDIR/scripts/
   7	Import the management database: If this Security Management Server is connected to the Internet, run: ./migrate_server import -v R80.40 [-l | -x] /<Full Path>/<Name of Exported File>.tgz If this Security Management Server is not connected to the Internet, run: ./migrate_server import -v R80.40 -skip_upgrade_tools_check [-l | -x] /<Full Path>/<Name of Exported File>.tgz Important - The "migrate_server import" command automatically restarts Check Point services (runs the "cpstop" and "cpstart" commands). For details, see the R80.40 CLI Reference Guide - Chapter Security Management Server Commands - Section migrate_server.

4. Test the functionality on the R80.40 Security Management Server

   Step	Instructions
   1	Connect with SmartConsole to the R80.40 Security Management Server.
   2	Make sure the management database and configuration were upgraded correctly.

5. Disconnect the old Security Management Server from the network

   Disconnect cables from the old Security Management Server.

6. Connect the new Security Management Server to the network

   Connect cables to the new Security Management Server.