[FW-1] Seperating standalone to distrubed

[a bv]

Hi,
How can i seperate standalone R70 and further SPLAT installations to
gateway and management
modules   (especially gateway stands alone at the current hardware,
management  will reinstalled at virtual machine etc?)  what must be the
steps? And what to be carefull

Regards

=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=

Re: [FW-1] Seperating standalone to distrubed

[pkc_mls]

Le 11/06/2013 13:31, a bv a écrit :

Hi,
How can i seperate standalone R70 and further SPLAT installations to
gateway and management
modules   (especially gateway stands alone at the current hardware,
management  will reinstalled at virtual machine etc?)  what must be the
steps? And what to be carefull

step1 : check if the licenses you have right now allows you to do this.
in some bundles you can't separate easily management from filtering.

step2 : export the configuration via upgrade_export from the running 
device. (pay attention as the upgrade_export stops the services, so it 
will cut the traffic while the export is running).


question 1 : will you keep the IP and name of the running smartcenter on 
the future smartcenter ?
(otherwise there is a dedicated sk entry to change ip and hostname on 
smartcenter).


step3 : install a fresh r70 (same release as the one you're running) on 
a virtual machine, with only smartcenter primary.

(no gateway).

step4 : import the exported config. try to open the config in 
smartdashboard, then convert the gateway to host, and see if you can 
modify the rules.


step 5 : install a virtual machine as gateway and add it to the 
configuration on smartdashboard.

try to push the policy and see if everything is fine.

step 6 : plan the migration from the standalone to distributed. If 
you're using the hardware for the future gateway, it means you have to 
reinstall the whole thing. The best would be to have another hardware so 
in case of any issue you can easily start again on a working 
configuration. If the hardware has a raid system like mirroring, you can 
remove one hard drive before reinstalling.


step 7 : check traffic before shutting down, shut down the running 
installation, start the new one, check traffic afterwards.



Regards




Email secured by Check Point

=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=