On Sun, May 6, 2012 at 10:38 PM, Stephen Bourike <[email protected]> wrote:

> The simple solution here is to create a full export file (migrate export)
> on the existing machine and download this to a safe location. You could
> go for a full backup, but most management servers have a single NIC and
> default route and so don't need much in the way of base configuration and
> I personally prefer to do this as part of the initial configuration steps.
> If you have a little more in the way of routes, the new voyager-esque GUI
> on the Gaia build allows quick-add routes just like Nokia's finest.
>
> Once you have copied your export file to a safe location (and probably any
> unarchived log files from the $FWDIR/log directory), recycle the machine
> with a clean fresh Gaia installation. A couple of good reasons for this,
> including the fact that Check Point have simplified the disk partitioning
> in Gaia over previous Splat installations, and you're starting life with
> the established thinking, rather than making do with a kludge on the old
> layout.
>
> Once the base install completes (set the same IP address), follow the
> prompt to log on with a browser and complete the initial configuration to
> set the (same) hostname and domain name, DNS servers and routes. Then
> transfer back the export file and log on at the command line, switch to
> expert mode and complete a "migrate import" of the file. This will
> restore all the objects, rules and CA files you need and return your
> management server to normal operation (running R75.40). Log in to
> SmartDashboard and open SmartviewMonitor to check that the firewalls are
> happy, and then push a policy to them from Dashboard to complete the
> setup. Check you're getting the logs in Tracker and you're done.
>
> This will make sure you're running the cleanest Gaia upgrade possible
> without retyping the lot by hand.
>
> Total management outage is probably around 30-45 minutes with this method
> (depending on how fast your management server hardware can install the
> Gaia from DVD) if you're using discrete tin, less if you're using VMware
> and a disk-based ISO image. The transfer of the file (via SCP) to/from
> your Splat environment takes a little bit of configuration in Expert mode
> which may add 5 minutes, and then of course there is the transfer time for
> your export file to upload to the rebuilt server, and the import itself.
>
> The fastest route is building a new clean Gaia machine on VMware (or
> standby tin) using an IP address on the same subnet. The initial
> configuration, routing and transfer can happen before dropping the current
> management server, with a change of IP address to the proper management
> server IP immediately before the import being the only real requirement.
>
> Hope this helps. I used this method in the lab, and this weekend on the
> first live client upgrade completely successfully and without any firewall
> downtime or log loss at all.

Thanks Stephen, but this is not an upgrade installation, it is a fresh install ...

And I prefer to use RHEL5 as base OS for SmartCenter services instead of Gaia or SecurePlatform.
