Here is what you can do.
1. Make the new management module with the same name as your current
machine.
2. Do an upgrade_export on the current machine.
3. Install management (select only smartcenter) on the new machine and
use the exported configuration (advanced install).
4. Create a new checkpoint gateway (new name) for your firewall and
provide all required parameters.
5. Modify your rule base (if required) to push policy to this object.
6. Install vpn-1 pro only on the current machine. (Before that you can
uninstall the complete product).
7. Establish sic with the new management.
8. Push policy.
9. You are set to go.
This to note: If you have central licensing, you have to create all new
licenses with your new managment IP. This can be done via your
usercenter login. If you have local license you have to split the
management and firewall license, but it is better to have central
license. If you want to give a new name to your management, you will
have some issues including the internal CA has to be reconfigured
invalidating all the certificates.
Regards,
Ramki
Simon Ashford wrote:
I currently have a single firewall running both Management
and Enforcement modules. I am intending to split this
into a two-server configuration with the Management Module
on a new machine and the Enforcement Module staying where
it is.
How difficult is this to do? Is there any documentation
or guidance anywhere I should read?
Thanks.
Simon Ashford.
-------------------------------------------------------------------
This e-mail and any attachments may contain confidential and/or
privileged material; it is for the intended addressee(s) only.
If you are not a named addressee, you must not use, retain or
disclose such information.
NPL Management Ltd cannot guarantee that the e-mail or any
attachments are free from viruses.
NPL Management Ltd. Registered in England and Wales. No: 2937881
Registered Office: Serco House, 16 Bartley Wood Business Park,
Hook, Hampshire, United Kingdom RG27 9UY
-------------------------------------------------------------------
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
