Migrating a Domain Management Server between R81 Multi-Domain Servers

This procedure lets you export the entire management database from a Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. on one R81 Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. and import it on another R81 Multi-Domain Server.

For the list of known limitations, see sk156072.

Procedure:

1. On the source Multi-Domain Server, export the Domain Management Server

   1. Run this API:

      migrate-export-domain

      For API documentation, see the Check Point Management API Reference - search for migrate-export-domain.

   2. Calculate the MD5 of the export file:

      md5sum <Full Path to Export File>

2. Transfer the export file to the target Multi-Domain Server

   1. Transfer the export file from the source Multi-Domain Server to the target Multi-Domain Server, to some directory.

      Note - Make sure to transfer the file in the binary mode.

   2. Make sure the transferred file is not corrupted.

      Calculate the MD5 for the transferred file and compare it to the MD5 that you calculated on the source Multi-Domain Server:

      md5sum <Full Path to Export File>

3. On the target Multi-Domain Server, import the Domain Management Server

   1. Run this API:

      migrate-import-domain

      For API documentation, see the Check Point Management API Reference - search for migrate-import-domain.

   2. Make sure that all the required daemons (FWM, FWD, CPD, and CPCA) are in the state "up" and show their PID (the "pnd" state is also acceptable):

      mdsstat

      If some of the required daemons on a Domain Management Server are in the state "down", then wait for 5-10 minutes, restart that Domain Management Server and check again. Run these three commands:

      mdsstop_customer <IP Address or Name of Domain Management Server> mdsstart_customer <IP Address or Name of Domain Management Server> mdsstat

4. Configure and assign the Administrators and GUI clients

   You must again configure the Multi-Domain Server Administrators and GUI clients and assign them to the Domains.

   1. Configure the Multi-Domain Server Administrators and GUI clients:

      1. Run the mdsconfig command

      2. Configure the Administrators

      3. Configure the GUI clients

      4. Exit the mdsconfig menu

   2. Assign the Administrators and GUI clients to the Domains:

      See the R81 Multi-Domain Security Management Administration Guide - Chapter Managing Domains - Section Creating a New Domain and Section Assigning Trusted Clients to Domains.

5. Install policy on all managed Security Gateways and Clusters

   1. Connect with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Active Domain (to which this Domain Management Server belongs).

   2. Install the applicable policies on all managed Security Gateways and Clusters.