migrate_server

Important - This command is used to migrate the management database from R80.20.M1, R80.20, R80.20.M2, R80.30, and higher versions.

For more information, see:

Description

Exports the management database and applicable Check Point configuration.

Imports the exported management database and applicable Check Point configuration.

Backing up and restoring in Management High Availability environment:

For more information:

Notes:

  • You must run this command from the Expert mode.

  • If it is necessary to back up the current management database, and you do not plan to import it on a Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that runs a higher software version, then you can use the built-in command in the $FWDIR/scripts/ directory.

  • If you plan to import the management database on a Management Server that runs a higher software version, then you must use the migrate_server utility from the migration tools package created specifically for that higher software version. See the Installation and Upgrade Guide for that higher software version.

  • If this command completes successfully, it creates this log file:

    /var/log/opt/CPshrd-R81.20/migrate-<YYYY.MM.DD_HH.MM.SS>.log

    For example: /var/log/opt/CPshrd-R81.20/migrate-2022.06.14_11.03.46.log

  • If this command fails, it creates this log file:

    $CPDIR/log/migrate-<YYYY.MM.DD_HH.MM.SS>.log

    For example: /opt/CPshrd-R81.20/log/migrate-2022 - 2024.06.14_11.21.39.log

Syntax

  • To see the built-in help:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server -h

  • To run the Pre-Upgrade Verifier:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server verify -v R81.20 [-skip_upgrade_tools_check]

  • To export the management database and configuration:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server export -v R81.20 [-skip_upgrade_tools_check] [-l | -x] [--include-uepm-msi-files] [--exclude-uepm-postgres-db] [--ignore_warnings] /<Full Path>/<Name of Exported File>

  • To import the management database and configuration:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server import -v R81.20 [-skip_upgrade_tools_check] [-l | -x] [/var/log/mdss.json] [--include-uepm-msi-files] [--exclude-uepm-postgres-db] /<Full Path>/<Name of Exported File>.tgz

  • To import the Domain Management Server database and configuration on a Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server migrate_import_domain -v R81.20 [-skip_upgrade_tools_check] [-l | -x] [/var/log/mdss.json] [--include-uepm-msi-files] [--exclude-uepm-postgres-db] /<Full Path>/<Name of Exported File>.tgz

Parameters

Parameter

Description

-h

Shows the built-in help.

export

Exports the management database and applicable Check Point configuration.

import

Imports the management database and applicable Check Point configuration that were exported from another Management Server.

Important:

  • This command automatically restarts Check Point services (runs the "cpstop" and "cpstart" commands).

  • This note applies to a Multi-Domain Security Management environment, if at least one of the servers changes its IPv4 address comparing to the source server, from which you exported its database.

    You must do these steps before you start the upgrade and import:

    1. You must create a special JSON configuration file with the new IPv4 address(es).

      Syntax:

      [{"name":"<Name of Server 1 Object in SmartConsole>","newIpAddress4":"<New IPv4 Address of Server 1>"},

      {"name":"<Name of Server 2 Object in SmartConsole>","newIpAddress4":"<New IPv4 Address of Server 2>"}]

      Example:

      [{"name":"MyPrimaryMultiDomainServer","newIpAddress4":"172.30.40.51"},{"name":"MySecondaryMultiDomainServer","newIpAddress4":"172.30.40.52"}]

    2. You must call this file: mdss.json

    3. You must put this file on all servers in this directory: /var/log/

migrate_import_domain

On a Security Management Server, imports the management database and applicable Check Point configuration that were exported from a Domain Management Server.

Important - This command automatically restarts Check Point services (runs the "cpstop" and "cpstart" commands).

verify

Verifies the management database and applicable Check Point configuration that were exported from another Management Server.

-v R81.20

Specifies the version, to which you plan to migrate / upgrade.

-skip_upgrade_tools_check

Does not try to connect to Check Point Cloud to check for a more recent version of the Upgrade Tools.

Best Practice - Use this parameter on the Management Server that is not connected to the Internet.

-l

Exports and imports the Check Point logs without log indexes in the $FWDIR/log/ directory.

Important:

  • The command can export only closed logs (to which the information is not currently written).

  • If you use this parameter, it can take the command a long time to complete (depends on the number of logs).

-x

Exports and imports the Check Point logs with their log indexes in the $FWDIR/log/ directory.

Important:

  • Before you use this parameter, it is necessary to make sure all log indexes are closed and saved.

    Run this command in the Expert mode and wait for the output to show "Solr stopped":

    $RTDIR/scripts/stopSolr.sh

  • This parameter only supports Management Servers and Log Servers R80.10 and higher.

  • The command can export only closed logs (to which the information is not currently written).

  • If you use this parameter, it can take the command a long time to complete (depends on the number of logs and indexes).

/var/log/mdss.json

Specifies the absolute path to the special JSON configuration file with new IPv4 addresses.

The path and filename are mandatory.

This file is mandatory during an upgrade of a Multi-Domain Security Management environment.

Even if only one of the servers migrates to a new IP address, all the other servers must get this configuration file for the import process.

Syntax:

[{"name":"<Name of Server 1 Object in SmartConsole>","newIpAddress4":"<New IPv4 Address of Server 1>"},

{"name":"<Name of Server 2 Object in SmartConsole>","newIpAddress4":"<New IPv4 Address of Server 2>"}]

Example:

[{"name":"MyPrimaryMultiDomainServer","newIpAddress4":"172.30.40.51"},

{"name":"MySecondaryMultiDomainServer","newIpAddress4":"172.30.40.52"}]

--include-uepm-msi-files

  • During the export operation, backs up the MSI files from the Endpoint Security Management Server.

  • During the import operation, restores the MSI files on the Endpoint Security Management Server.

--exclude-uepm-postgres-db

  • During the export operation, does not back up the PostgreSQL database from the Endpoint Security Management Server.

  • During the import operation, does not restore the PostgreSQL database on the Endpoint Security Management Server.

--ignore_warnings

or

-ivw

If during an upgrade procedure, the Pre-Upgrade Verifier shows warnings, you can use this parameter to ignore warnings and continue the upgrade.

Important - To prevent issues during and after upgrade, we strongly recommend to resolve all issues and not use this parameter.

--exclude-licenses

  • During the export operation, does not back up the licenses from the Management Server.

  • During the import operation, does not restore the license on the Management Server.

--no_progress_bar

or

-npb

Disables the progress bar in the command line.

-n

Disables the interactive mode.

/<Full Path>/<Name of Exported File>

Specifies the absolute path to the exported database file. This path must exist.

  • During the export operation, specifies the name of the output file.

    The command automatically adds the *.tgz extension.

  • During the import operation, specifies the name of the exported file.

    You must manually enter the *.tgz extension in the end.

Example 1 - Export operation succeeded

[Expert@MGMT:0]# cd $FWDIR/scripts/
[Expert@MGMT:0]# ./migrate_server export /var/log/Migrate_Export
 
You are required to close all clients to Security Management Server
or execute 'cpstop' before the Export operation begins.
 
Do you want to continue? (y/n) [n]? y
 
 
Copying required files...
Compressing files...
 
The operation completed successfully.
 
Location of archive with exported database: /var/log/Migrate_Export.tgz
 
[Expert@MGMT:0]#
[Expert@MGMT:0]# find / -name migrate-\* -type f
/var/log/opt/CPshrd-R81.20/migrate-2022 - 2024.06.14_11.03.46.log
[Expert@MGMT:0]#

Example 2 - Export operation failed

[Expert@MGMT:0]# ./migrate_server export /var/log/My_Migrate_Export
Execution finished with errors. See log file '/opt/CPshrd-R81.20/log/migrate-2022 - 2024.06.14_11.21.39.log' for further details
[Expert@MGMT:0]#