Here are suggestions: 1. Pick up your FP3 configs alongw/ global polcy and import normally. The upgrade verifier/detector would complain you are migrating global policy blah - but you continue. Upon successful import, if you log into SmartDashboard, you would see the imported global policy but no worries. Log off from CMA dashboard and move on the P-1 MDG Global Policy View 2. Assign the desired NGX R61 global policy - upon successful assignment, log back into CMA SmartDashboard and you would see the new NGX Global Policy - the old would have gone. The above two steps should resolve your problem unless your FP3 global policy is 'unforgiving'. I do it all the time every day in my environment from my production system to lab R62 system - did some CMA migration like this even yesterday. However the difference is that my prod is R55 and yours is at FP3 which as I said could be more unforgiving. Let us say if this does not work, please contact me offline and I would provide other 'masonry' to resolve it.
hth, Rajeev On 7/21/07, cisco4ng <[EMAIL PROTECTED]> wrote:
I need help from Provider-1 expert in this forum. In my production environment, I have Provider-1 NG Feature Pack 3 with HFA_318 running on Solaris 9. My MDS setup is as follows: Primary MDS Manager: 192.168.115.9/24 Secondary MDS Manager: 192.168.115.8/24 MDS Container-1: 192.168.115.10/24 There are about 100 CMAs on the MDS container-1. All of the CMAs have "global policies" installed to them. I now have a new Provider-1 NGx R61 with HFA_01 running Redhat Linux ES. The setup is as follows: Primary MDS Manager: 192.168.114.9/24 MDS Container-1: 192.168.114.10/24 I migrate the global policies from the P-1 NG Feature Pack 3 over to the P-1 NGx R61 box without issues. So far so good. ------ Now I have a customer that is currently residing on one of the CMAs in P-1 NG Feature Pack 3 and they need to be migrated P-1 NGx R61 environment. The customer CMA ip in P-1 NG Feature Pack 3 is 192.168.115.100. I know how to migrate from NG Feature Pack 3 CMA to NGx CMA. However, this process will require "removing" global policies on the CMA prior to tar up the file in the $FWDIR/conf, $FWDIR/database, $CPDIR/conf and $CPDIR/database of the CMA in NG Feature Pack 3. The problem is that the customer does NOT want to do that. They do not want the global policies on the CMA to be removed at all. There goes my dilema. ---- What I am thinking of doing is this: 1) stops the NG Feature Pack 3 CMA. 2) mdsenv 192.168.115.100 3) mdsstop_customer 192.168.15.100 4) copy everything under the customer CMA. For example, let say customer cma is customer_A_CMA, copy everything under the Customer_A_CMA directory and place it in the /tmp/tmp directory, 5) create a new CMA, let say TEST_CMA, with EVAL license on the NG Feature Pack 3 container but do NOT start it, 6) mdsenv TEST_CMA and mdsstop_customer TEST_CMA, 7) replace everything under the TEST_CMA directory with the stuffs in the /tmp/tmp directory, 8) mdsstart_customer TEST_CMA 9) Remove the global policies in TEST_CMA, Problem with this method is that the TEST_CMA takes on the same IP address as Customer_A_CMA as 192.168.115.100. I like to be able to work with a duplicate of Customer_A_CMA instead of live one. My question is this: is there a way to duplicate Customer_A_CMA without having to remove the "global polices" on the Customer_A_CMA itself? By the way, mds_backup is NOT an option for me. Many thanks. cisco4ng --------------------------------- Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. --------------------------------- Pinpoint customers who are looking for what you sell. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
