This is the way I've always done it to migrate a firewall from one box to another. I don't think it is the best way to do it, but it definitely does the job.

1) run upgrade_export on the existing firewall,
2) move this file to an ftp server where it is on the network,
3) copy the content of the /etc/sysconfig/cpnetstart file on the existing firewall and save it in notepad,
4) copy the content of the /etc/sysconfig/network file on the existing firewall and save it in notepad,
5) copy the content of the /etc/rc.d/rc.local file on the existing firewall and save it in notepad,
6) Install a SPLAT on the new server,
7) assign a temporary IP address to the new Server,
9) download the upgrade_export file you did in step 1,
9) put the server in a staging environment so that it will not conflict with your existing firewall,
10) run sysconfig and give the new server the same hostname as the old one (this may not be necessary because the hostname in the /etc/sysconfig/network file will override this after a reboot. I do it simply as a good habit),
11) Go through the usual sysconfig to configure Checkpoint firewall,
12) replace the content of /etc/sysconfig/cpnetstart file with what you had in step 3,
13) replace the content of /etc/sysconfig/network file with what you had in step 4,
14) replace the content of /etc/rc.d/rc.local file with what you had in step 5. You can place interface speed and duplex settings in /etc/rc.d/rc.local as well,
15) reboot the new firewall,
16) log in and run cpstop,
17) in expert mode, run "upgrade_import" and specify the location of the file you downloaded in step 9,
18) shut down the new firewall,
19) shut down the "existing" firewall,
20) replace the existing firewall with the new firewall,
21) reboot the new firewall,

Now you should be able to log in and manage the new firewall without missing a beat. Good luck!

RoNNY <[EMAIL PROTECTED]> wrote:

This was probably asked 15 gazillion times already, but I was wondering if someone knows a sure and best way to get this done. I have a very simple config: Splat R55 HFA 14 on one single box. That is: management and enforcement are one. I want to move this thing to a new server.
So I went and bought an HP DL380 G4, and got the CD with R55 HFA 12. (This, by the way, happened only after dealing with two great guys at Checkpoint who gave me the ISO.) Anyway, here's what I did:

1) Exported my configuration to a remote TFTP server.
2) Loaded R55 HFA 12 on the new box.
3) This is the part that got me a bit confused. I thought: "well...I loaded the thing, I can now import my configuration, and tada! It'll work!", but no. I had to go through sysconfig, as if I'm installing a new server, and then I rebooted. Now, I decided to skip setting the hostname, routing, NICs, etc, because I wanted my config restored from the backup file I created earlier. Moving on:
4) After reboot, I restored my config. I actually put it under /home/admin/, and restored it with the "upgrade_import" tool. I then rebooted.

That's it, but here's the thing: my host name is still "cpmodule", there's no NIC definitions or anything else. I didn't connect yet with the SmartDashboard, but I assume that the rulebase is there.

My question is: do I have an identical server now, and it's only missing the NICs, Routing, etc configuration, or did I do something wrong? I guess I was expecting a full blown restore of my entire server, and this didn't happen.

Thanks
-RoNNY

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
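Steps 3 to 5 and 12 to 14 of the reply carry three OS-level files over by hand, since the export/import pair did not bring hostname or NIC settings across in the original question. As an added example (not part of the thread), the sketch below bundles those files with tar and checks them byte-for-byte after restoring; the function names and the ROOT argument are assumptions made for illustration (use / on the real boxes), and it assumes tar and cmp exist on both systems.

```shell
#!/bin/sh
# Added example: carry over the three files from steps 3-5 / 12-14 and
# prove the restored copies match the saved ones. Names are hypothetical.
FW_FILES="etc/sysconfig/cpnetstart etc/sysconfig/network etc/rc.d/rc.local"

# fw_save ROOT ARCHIVE: bundle the three files under ROOT into ARCHIVE.
fw_save() {
    root=$1; archive=$2
    for f in $FW_FILES; do
        [ -f "$root/$f" ] || { echo "missing: $root/$f" >&2; return 1; }
    done
    tar -C "$root" -cf "$archive" $FW_FILES
}

# fw_verify ROOT ARCHIVE: compare each file under ROOT with the archived copy.
fw_verify() {
    root=$1; archive=$2; rc=0
    for f in $FW_FILES; do
        if tar -xOf "$archive" "$f" | cmp -s - "$root/$f"; then
            echo "ok: $f"
        else
            echo "DIFFERS: $f" >&2; rc=1
        fi
    done
    return $rc
}

# fw_restore ROOT ARCHIVE: keep the fresh install's files as *.orig,
# unpack the saved ones over them, then verify the result.
fw_restore() {
    root=$1; archive=$2
    for f in $FW_FILES; do
        if [ -f "$root/$f" ]; then cp -p "$root/$f" "$root/$f.orig"; fi
    done
    tar -C "$root" -xf "$archive" || return 1
    fw_verify "$root" "$archive"
}

# Usage on the old box:  fw_save / /var/tmp/fwfiles.tar
# Usage on the new box:  fw_restore / /var/tmp/fwfiles.tar   (then reboot, step 15)
```

Running fw_verify again after the reboot in step 15 shows whether anything rewrote the files during startup.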
