migrate_server

Important - This command is used to migrate the management database from R80.20.M1, R80.20, R80.20.M2, R80.30, and higher versions.

For more information, see the R81 Installation and Upgrade Guide.

Description

Exports the management database and applicable Check Point configuration.

Imports the exported management database and applicable Check Point configuration.

Backing up and restoring in Management High Availability environment:

  • To back up and restore a consistent environment, make sure to collect and restore the backups and snapshots from all servers in the High Availability environment at the same time.

  • Make sure other administrators do not make changes in SmartConsole until the backup operation is completed.

For more information:

Notes:

  • You must run this command from the Expert mode.

  • If it is necessary to back up the current management database, and you do not plan to import it on a Management Server that runs a higher software version, then you can use the built-in command in the $FWDIR/scripts/ directory.

  • If you plan to import the management database on a Management Server that runs a higher software version, then you must use the migrate_server utility from the migration tools package created specifically for that higher software version. See the Installation and Upgrade Guide for that higher software version.

  • If this command completes successfully, it creates this log file:

    /var/log/opt/CPshrd-R81/migrate-<YYYY.MM.DD_HH.MM.SS>.log

    For example: /var/log/opt/CPshrd-R81/migrate-2019.06.14_11.03.46.log

  • If this command fails, it creates this log file:

    $CPDIR/log/migrate-<YYYY.MM.DD_HH.MM.SS>.log

    For example: /opt/CPshrd-R81/log/migrate-2019.06.14_11.21.39.log

Syntax

  • To see the built-in help:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server -h

  • To run the Pre-Upgrade Verifier:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server verify -v R81 [-skip_upgrade_tools_check]

  • To export the management database and configuration:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server export -v R81 [-skip_upgrade_tools_check] [-l | -x] [--include-uepm-msi-files] [--exclude-uepm-postgres-db] /<Full Path>/<Name of Exported File>

  • To import the management database and configuration:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server import -v R81 [-skip_upgrade_tools_check] [-l | -x] [-change_ips_file /<Full Path>/<Name of JSON File>.json] [--include-uepm-msi-files] [--exclude-uepm-postgres-db] /<Full Path>/<Name of Exported File>.tgz

  • To import the Domain Management Server database and configuration on a Security Management Server:

    [Expert@MGMT:0]# cd $FWDIR/scripts/

    [Expert@MGMT:0]# ./migrate_server migrate_import_domain -v R81 [-skip_upgrade_tools_check] [-l | -x] [-change_ips_file /<Full Path>/<Name of JSON File>.json] [--include-uepm-msi-files] [--exclude-uepm-postgres-db] /<Full Path>/<Name of Exported File>.tgz

Parameters

Parameter

Description

-h

Shows the built-in help.

export

Exports the management database and applicable Check Point configuration.

import

Imports the management database and applicable Check Point configuration that were exported from another Management Server.

Important - This command automatically restarts Check Point services (runs the "cpstop" and "cpstart" commands).

migrate_import_domain

On a Security Management Server, imports the management database and applicable Check Point configuration that were exported from a Domain Management Server.

Important - This command automatically restarts Check Point services (runs the "cpstop" and "cpstart" commands).

verify

Verifies the management database and applicable Check Point configuration that were exported from another Management Server.

-v R81

Specifies the version, to which you plan to migrate / upgrade.

-skip_upgrade_tools_check

Does not try to connect to Check Point Cloud to check for a more recent version of the Upgrade Tools.

Best Practice - Use this parameter on the Management Server that is not connected to the Internet.

-l

Exports and imports the Check Point logs without log indexes in the $FWDIR/log/ directory.

Important:

  • The command can export only closed logs (to which the information is not currently written).

  • If you use this parameter, it can take the command a long time to complete (depends on the number of logs).

-x

Exports and imports the Check Point logs with their log indexes in the $FWDIR/log/ directory.

Important:

  • This parameter only supports Management Servers and Log Servers R80.10 and higher.

  • The command can export only closed logs (to which the information is not currently written).

  • If you use this parameter, it can take the command a long time to complete (depends on the number of logs and indexes).

-change_ips_file /<Full Path>/<Name of JSON File>.json

Specifies the absolute path to the special JSON configuration file with new IPv4 addresses.

This file is mandatory during an upgrade of a Multi-Domain Security Management environment.

Even if only one of the servers migrates to a new IP address, all the other servers must get this configuration file for the import process.

Example:

[{"name":"MyPrimaryMultiDomainServer","newIpAddress4":"172.30.40.51"},{"name":"MySecondaryMultiDomainServer","newIpAddress4":"172.30.40.52"}]

--include-uepm-msi-files

  • During the export operation, backs up the MSI files from the Endpoint Security Management Server.

  • During the import operation, restores the MSI files on the Endpoint Security Management Server.

--exclude-uepm-postgres-db

  • During the export operation, does not back up the PostgreSQL database from the Endpoint Security Management Server.

  • During the import operation, does not restore the PostgreSQL database on the Endpoint Security Management Server.

/<Full Path>/<Name of Exported File>

Specifies the absolute path to the exported database file. This path must exist.

  • During the export operation, specifies the name of the output file.

    The command automatically adds the *.tgz extension.

  • During the import operation, specifies the name of the exported file.

    You must manually enter the *.tgz extension in the end.

Example 1 - Export operation succeeded

[Expert@MGMT:0]# cd $FWDIR/scripts/
[Expert@MGMT:0]# ./migrate_server export /var/log/Migrate_Export
 
You are required to close all clients to Security Management Server
or execute 'cpstop' before the Export operation begins.
 
Do you want to continue? (y/n) [n]? y
 
 
Copying required files...
Compressing files...
 
The operation completed successfully.
 
Location of archive with exported database: /var/log/Migrate_Export.tgz
 
[Expert@MGMT:0]#
[Expert@MGMT:0]# find / -name migrate-\* -type f
/var/log/opt/CPshrd-R81/migrate-2019.06.14_11.03.46.log
[Expert@MGMT:0]#

Example 2 - Export operation failed

[Expert@MGMT:0]# ./migrate_server export /var/log/My_Migrate_Export
Execution finished with errors. See log file '/opt/CPshrd-R81/log/migrate-2019.06.14_11.21.39.log' for further details
[Expert@MGMT:0]#