A Step-by-Step Guide to Migrating Check Point Management Server from R80.20 to R81.10
Introduction
We are migrating our Check Point Management Server from R80.20 to R81.10 to keep our network security up-to-date. This guide covers the steps for both the current R80.20 server and the new R81.10 server to ensure a smooth migration.
R80.20 Management Server
Download and Install Latest Deployment Agent
- Refer to sk92449 to download the latest Deployment Agent for R80.20.
Import and Install Upgrade Tools for R81.10
- Download the appropriate Check Point Upgrade Tools Package from sk135172.
- Confirm the Build Number matches the downloaded package:
cpprod_util CPPROD_GetValue CPupgrade-tools-R81.10 BuildNumber 1
- Verify migration readiness:
$FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.10
Start Database Export
- Export the R80.20 database:
$FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -v R81.10 /var/log/R8020_to_R8110.tgz
- Verify the exported file integrity using md5sum:
md5sum /var/log/R8020_to_R8110.tgz
Copy the exported file to your PC using WinSCP before shutting down R80.20.
R81.10 Management Server
Copy and Verify Exported File
- Transfer the R80.20 exported file to R81.10 and verify md5sum:
md5sum /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz
Place the file in /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/.
Run Import Command
- Navigate to
$FWDIR/scripts/and execute:
./migrate_server import -v R81.10 -skip_upgrade_tools_check /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz
- Install the management database and policy after a successful import.
Web SmartConsole Installation
- Download the Web SmartConsole package as per sk170314.
- Install on the Management Server:
/opt/AutoUpdater/latest/bin/autoupdatercli install /var/tmp/Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T59_AutoUpdate.tar
Check Installation Status
- Monitor installation progress:
tail -f /opt/CPInstLog/AutoUpdateLogs/web_console
Access Web SmartConsole
Use a web browser to access SmartConsole via the Management Server IP, e.g., https://192.168.71.10/smartconsole.
Conclusion
This guide covers migrating Check Point Management Server from R80.20 to R81.10. By following these steps, you ensure a smooth transition and leverage the latest security features of R81.10. Reach out for support if needed.
Example of Migrate Export and Import
[Expert@MGMT:0]# fw ver R80.20 - Build 255 [Expert@MGMT:0]# cpprod_util CPPROD_GetValue CPupgrade-tools-R81.10 BuildNumber 1 996000412 [Expert@MGMT:0]# $FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81.10 The verify operation finished successfully. [Expert@MGMT:0]# $FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -v R81.10 /var/log/R8020_to_R8110.tgz Export operation completed successfully. [Expert@MGMT:0]# md5sum /var/log/R8020_to_R8110.tgz 55acceab326cebfb5b6af2bece24e9cb
[Expert@MGMT:0]# fw ver R81.10 - Build 883 [Expert@MGMT:0]# md5sum /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz 55acceab326cebfb5b6af2bece24e9cb [Expert@MGMT:0]# cd $FWDIR/scripts/ [Expert@MGMT:0]# ./migrate_server import -v R81.10 -skip_upgrade_tools_check /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/R8020_to_R8110.tgz Import finished successfully.
[Expert@MGMT:0]# fw ver R81.10 - Build 883 [Expert@MGMT:0]# /opt/AutoUpdater/latest/bin/autoupdatercli install /var/tmp/Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T59_AutoUpdate.tar Installation succeeded for Web SmartConsole [Expert@MGMT:0]# tail -f /opt/CPInstLog/AutoUpdateLogs/web_console Web SmartConsole CheckHealth finished successfully