Hello, Our environment is as follows : 1) a existing production env. including 1 Smartcenter server NG R55 on Windows 2003 Server and 2 Nokia IP710 firewalls 2) a new env. that should replace the production env. : 1 new Smartcenter server NGX R62 on a new Windows 2003 server machine and 2 new Nokia IP560 Firewalls
The objective is to replace the existing production environment by the new one after a test period ; this new environment will be an exact copy of the existing one in terms of topology, objects, and rules except for the following points : a) the Smartcenter has a new IP address (different IP subnet) b) some interfaces of the 2 new Nokia IP560 will have their IP addresses changes too c) some objects will have their IP address changes too So, the main step, before starting tests on this new environment, is to migrate, via export/import functions, the existing configuration files from the existing production environment to the new one To do so, I have read the NGX R62 Upgrade Guide (especially the section about the case referring to Smartcenter IP address change (page 141) and tried different things, but nothing seems to work ; I am always blocked with licence problems Up to now, I managed to do the following things : 1) get, from the CheckPoint web, the 2 licence files associated with the newly ordered (and received) NGX R62 products , but by specifying the existing Smartcenter IP address ; 2) get, from the CheckPoint web, the 2 licence files associated with the newly ordered (and received) NGX R62 products , by specifying the new Smartcenter IP address ; acutally, theses 2 last licence files seem invalid, since we don't manage to log in to this new Smartcenter (from SmartDashBoard on this server itself) because of no valid licence found; so, we obtained 2 evaluation licences for this new environment with the new SMartcenter IP address, and this problem was solved Then I tried 2 different installation scenarios ; 1) install Smartcenter NGX R62 on a new Win2003 server by using the existing IP address (on an isolated test platform) and the newly obtained associated licences; no problem during this installation; then I used the right upgrade_export.exe tool on the existing NG R55 Smartcenter server to get a tgz pakage of the existing config files; I imported this file on the new NGX R62 server via the right upgrade_import.exe tool ; the result is OK, and I can see my existing configuration (objects, rules, ...) by logging in the new NGX R62 Smartcenter ; but, then, there is no way to change the IP address of this R62 server anf get it associated to the newly evaluation licences files via SmartUpdate 2) I did the same kind of operation as for scenarion 1, but installed the NGX R62 on a Window 2003 server, which had already the new IP address set; installation steps with the new evalution licences files worked OK ; then, the export/import operations worked too and I can log in this new Smartcenter and see the existing configuration (objects, rules, ...) previously imported; but, no way to change the IP address of the Smartcenter via SmartDashboard, nor get the right licences correctly attached via Smart Update Questions : 1) What would be the exact procedure to follow in our case ? 2) if we manage to solve this 1st problem about the new Smartcenter IP address (hopefully ...) 2a) how to replace the 2 existing Firewall/Gateways objects (imported via the import tool) by my new firewalls ? should I try to associate these 2 existing gateway objects to the activations key of the 2 new firewalls (keys obtained via CPCONFIG on these new firewalls) ? if yes, how to do so this association ? 2b) what is, then, the best method to make the IP address changes of the differents imported objects (I refer the objects which have a new IP address in this new environment) ? can I try to make a globale change (via a text editor) of the concerned IP addresses occurences , (such as 172.19.x..y) by the new address prefix 172.22.x.y, inside the objects_5_0.C and rulebases_5_0.fws.txt files ? the idea, oc course, is to avoid to make these changes manually, one by one, since several objects are concerned thanks in advance for your help -------------------------------------------------------------------------------------- Joel GUILLERM ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
