The simple solution here is to create a full export file (migrate export) on the existing machine and download this to a safe location. You could go for a full backup, but most management servers have a single NIC and default route and so don't need much in the way of base configuration and I personally prefer to do this as part of the initial configuration steps. If you have a little more in the way of routes, the new voyager-esque GUI on the Gaia build allows quick-add routes just like Nokia's finest.
Once you have copied your export file to a safe location (and probably any unarchived log files from the $FWDIR/log directory), recycle the machine with a clean fresh Gaia installation. A couple of good reasons for this, including the fact that Check Point have simplified the disk partitioning in Gaia over previous Splat installations, and you're starting life with the established thinking, rather than making do with a kludge on the old layout.

Once the base install completes (set the same IP address), follow the prompt to log on with a browser and complete the initial configuration to set the (same) hostname and domain name, DNS servers and routes. Then transfer back the export file and log on at the command line, switch to expert mode and complete a "migrate import" of the file. This will restore all the objects, rules and CA files you need and return your management server to normal operation (running R75.40). Log in to SmartDashboard and open SmartView Monitor to check that the firewalls are happy, and then push a policy to them from Dashboard to complete the setup. Check you're getting the logs in Tracker and you're done. This will make sure you're running the cleanest Gaia upgrade possible without retyping the lot by hand.

Total management outage is probably around 30-45 minutes with this method (depending on how fast your management server hardware can install the Gaia from DVD) if you're using discrete tin, less if you're using VMware and a disk-based ISO image. The transfer of the file (via SCP) to/from your Splat environment takes a little bit of configuration in Expert mode which may add 5 minutes, and then of course there is the transfer time for your export file to upload to the rebuilt server, and the import itself.

The fastest route is building a new clean Gaia machine on VMware (or standby tin) using an IP address on the same subnet.
The initial configuration, routing and transfer can happen before dropping the current management server, with a change of IP address to the proper management server IP immediately before the import being the only real requirement.

Hope this helps. I used this method in the lab, and this weekend on the first live client upgrade completely successfully and without any firewall downtime or log loss at all.

Best regards,

Steve Bourike
Applied Security Consulting Limited
1 Manor Road    Mob: +44 7766 704871
Colne           Tel: +44 7717 834468
Lancashire      Web: http://www.appliedsecurity.co.uk
BB8 7AS         Email: [email protected]

Security is a process, not a product.

On 06/05/2012 20:50, "pkc_mls" <[email protected]> wrote:

>On 05/05/2012 4:38, carlopmart wrote:
>> Hi all,
>>
>> I am trying to install a log server R75.40 (and only log server), but
>> when I launch setup, shows me this error:
>>
>> In order to install this application:
>> 1631.000MB is required under / current machine has only 507.543MB of
>> free space available
>>
>> Due to CheckPoint's software installs in /opt and /var/opt, I have a
>> lot of free space (despite /var space, it will grow until 60GiB)...
>> but installer only sees in / (of course it is a bug)... But, it is
>> possible to pass an option to installer that doesn't check disk space??
>>
