No one ever seems to prefer this method, but I kinda like the old way:

tar up the contents of your conf directory
ftp to new box
cpstop on new box
untar in conf
cpstart

works every time.

If you want to clone a unix box, you can tar up contents of /etc and untar it on your new box then reboot. This will clone all interface settings, hosts, the works. Never did this on a Linux box so YMMV. I do this on Solaris, and can maintain an identical cold standby clone with minimal effort.

A warning, if you do not clone your system configs and duplicate your interfaces, CP will not start because the topology information won't match and it will error out.

Hal

-----Original Message-----
From: RoNNY [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 24, 2005 1:18 PM
To: [email protected]
Subject: [FW-1] Migrating firewall from box to box

This was probably asked 15 gazillion times already, but I was wondering if someone knows a sure and best way to get this done.

I have a very simple config: Splat R55 HFA 14 on one single box. That is: management and enforcement are one. I want to move this thing to a new server. So I went and bought an HP DL380 G4, and got the CD with R55 HFA 12. (this, by the way, happened only after dealing with two great guys at Checkpoint who gave me the ISO).

Anyway, here's what I did:

1) Exported my configuration to a remote TFTP server.
2) Loaded R55 HFA 12 on the new box.
3) This is the part that got me a bit confused. I thought: "well...I loaded the thing, I can now import my configuration, and tada! It'll work!", but no. I had to go through sysconfig, as if I'm installing a new server, and then I rebooted. Now, I decided to skip setting the hostname, routing, NICs, etc, because I wanted my config restored from the backup file I created earlier. Moving on:
4) After reboot, I restored my config. I actually put it under /home/admin/, and restored it with the "upgrade_import" tool. I then rebooted.

That's it, but here's the thing: my host name is still "cpmodule", there's no NIC definitions or anything else. I didn't connect yet with the SmartDashboard, but I assume that the rulebase is there.
My question is: do I have an identical server now, and it's only missing the NICs, Routing, etc configuration, or did I do something wrong? I guess I was expecting a full blown restore of my entire server, and this didn't happen.

Thanks
-RoNNY

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
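
The tar, transfer, untar sequence from the reply at the top of this thread, as an added example that is not part of either poster's message: it records a SHA-256 digest before the FTP transfer and refuses to untar an archive that fails the digest or whose member names would land outside the target directory. The function names, the availability of sha256sum, and all paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sha256sum and tar with -C;
# function names and all paths are hypothetical.

# pack_conf SRC_DIR OUT_TAR
# Archive the contents of SRC_DIR with relative member names and write the
# archive's SHA-256 digest to OUT_TAR.sha256 (carry the digest out of band).
pack_conf() {
    src=$1; out=$2
    [ -d "$src" ] || { echo "pack_conf: not a directory: $src" >&2; return 1; }
    tar -cf "$out" -C "$src" . || return 1
    sha256sum "$out" | awk '{print $1}' > "$out.sha256"
}

# has_unsafe_names: read member names on stdin; succeed if any is an absolute
# path or contains a ".." component (either could write outside the target).
has_unsafe_names() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# restore_conf TARBALL EXPECTED_SHA256 DEST_DIR
# Returns 2 on digest mismatch, 3 on unsafe member names; extracts otherwise.
# On the new box, run cpstop before this and cpstart after it.
restore_conf() {
    tarball=$1; want=$2; dest=$3
    got=$(sha256sum "$tarball" | awk '{print $1}') || return 1
    if [ "$got" != "$want" ]; then
        echo "restore_conf: digest mismatch, archive not extracted" >&2
        return 2
    fi
    if tar -tf "$tarball" | has_unsafe_names; then
        echo "restore_conf: unsafe member name, archive not extracted" >&2
        return 3
    fi
    mkdir -p "$dest" && tar -xf "$tarball" -C "$dest"
}
```

On Solaris, where sha256sum is usually absent, substitute the platform's own digest tool in both functions.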
