I GOT IT!!! Hi all, I would comment my experience migrating from Linux to SecurePlatform on a spare machine. After the problems I explained and reinstalling over and over again just turning crazy I decided not to follow CheckPoints "exact" instructions :-)
I did it this way: 1. Export the configuration from my current production smartcenter on Linux RHEL 3.0 using upgrade_export. 2. Setup an tftp server and copied the exported configuration via scp. 3. Disconnect my current SmartCenter from the network. 3. Install the new SmartCenter on SPLAT connected to the network with the same IP Address. 4. I did the forced initial reboot. 5. Connect via https:// to my new SmartCenter and accept the license agreement but then cancel the initial configuration and log out. 6. Connect via ssh to the splat and get into expert mode. 7. Launch cpconfig but do not setup anything. Select next until the point where it asks to import the configuration from an tftp server. 8. Import the configuration from tftp server and continue normally with installation. 9. Do not modify anything and complete smoothly the installation. 10. At the end, the installer says: IMPORTANT: Don't forget to reboot in order to complete the installation. but this time I did not reboot!!! 11. WITHOUT REBOOTING connect to the SmartCenter via SmartDashBoard and test the sic status ¡É Voilá! SIC is established!! 12. Push the policy to the EM and check that everything works fine. Check SmartView status, SmartView tracker and SmartUpdate. 13. If everything is fine reboot the new smartcenter. In this case I did not loose SIC again. I think that the whole problem was that I rebooted the smartcenter just after the succesful installation and configuration import before pushing the policy to the EM's!!. After that I setup date and time on the SmartCenter and I gave him the right name. Now I will run it for a couple of days in production and if everything works fine I will reuse the old SmartCenter machine for other purpouses. Maybe it would be a good idea to reboot the EM's and verify that there are also no problems after that :-) The next step is the HFA-18! I hope this could be useful for somebody else in the CP Community. Thanks again for your help, Regards, Eric Janz ----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Eric Janz Sent: Monday, June 13, 2006 10:11 To: [email protected] Subject: Re: [FW-1] Migrating SmartCenter from Linux to SPLAT Thanks to both for your quick answer, in fact I used the upgrade_export tool. For the import we tried it using different ways: 1. Fresh install of SPLAT on a spare machine. After the forced reboot we used the web interface to make the initial configuration and product installation. After that we used upgrade_import from command line. Everything is well but SIC gets lost :-( 2. Fresh install of SPLAT on a spare machine. After the forced reboot we used command line and launched cpconfig. Then, after initial setup it asked us to fetch the import configuration from an tftp server. We did it that way and everything went ok (product installation, configuration import) but again the sic gets lost :-( Are these the correct ways to do this migration? It would be great if we could move from Linux to Splat without resetting the SIC... Any ideas??? Best regards, Eric Janz ----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Reinhard Stich Sent: Monday, June 12, 2006 23:06 To: [email protected] Subject: Re: [FW-1] Migrating SmartCenter from Linux to SPLAT hi, did you use the upgrade_export and upgrade_import tools? or how did you move the config from one box the the other? cheers reinhard ----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Jarmoc Sent: Monday, June 12, 2006 22:48 To: [email protected] Subject: Re: [FW-1] Migrating SmartCenter from Linux to SPLAT I've migrated to new hardware in the past, while maintaining the same OS, and been able to maintain SIC. The trick was using the upgrade export utility, then when building the fresh install choosing the option to import a saved configuration. I've been able to migrate between different versions of windows (NT to 2000, 2000 to 2003) so I imagine that would work when going between platforms as well. Did you use the upgrade utilities? I've also found the upgrade utilities great for upgrading between builds. Jeff Jarmoc - Sr. Network Analyst _________________________________________________________________________ Grubb & Ellis Company | email: [EMAIL PROTECTED] -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Eric Janz Sent: Monday, June 12, 2006 22:30 To: [email protected] Subject: [FW-1] Migrating SmartCenter from Linux to SPLAT Hi all, we are migrating our SmartCenter (NG AI R55 HFA4) from Linux RHEL 3.0 to SecurePlatform mantaining exactly the same software. The new spare machine has the same name and the same IP address and we just switch the production machine with the newly installed machine. Unfortunately we are having trouble with SIC and are unable to communicate with the EM. Do you have any idea if it is possible to change OS without reestablishing the SIC or should we plan an downtime to reset SIC between the new SmartCenter and the Enforcement Modules? After the OS switch we would apply HFA18 and maybe later upgrade to NGX ¿Do you think that this order is the right way or should we upgrade directly from NG R55 HFA-04 to NGX?). Any help would be appreciated, Thanks in advance, Kind regards, Eric Janz -- ADVERTENCIA LEGAL: El contenido de este mail es confidencial y dirigido unicamente a su destinatario. Para acceder a su clausula de privacidad consulte http://www.barceloviajes.com/privacy LEGAL ADVISORY: This message is confidential and intended only for the person or entity to which it is addressed. In order to read its privacy policy consult it at http://www.barceloviajes.com/privacy ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
