This guide is for those who want to migrate a single-gateway (standalone) Check Point deployment to a distributed deployment. In this environment setup I will use:
- One existing Check Point Security Gateway UTM-1 with IP address 192.168.1.1/24 (standalone deployment)
- One new SmartCenter appliance (I use a Smart-1 appliance) with IP address 192.168.1.3/24
With the devices above, I want to move the configuration from the standalone UTM-1 with the IP address 192.168.1.1 to a distributed deployment. Here are the simplest steps I have configured:
- Detach all licenses for the existing standalone UTM-1 machine
- Run the upgrade_export utility on the existing standalone UTM-1 machine
- Install or run the SmartCenter product. I have the Smart-1 appliance, so in this scenario I don’t have to install the software anymore. Just activate the SmartCenter product.
- Apply the same software version and HFA on both the SmartCenter server and the Security Gateway.
- Run the upgrade_import utility on the new SmartCenter server or appliance.
- Modify the host name and the IP address of the single gateway network object in the SmartDashboard
- Uncheck unnecessary Check Point products for the single gateway network object in the SmartDashboard
- If the configuration on the existing Security Gateway (UTM-1) still exists, then uninstall it (scratch it).
- Attach the freshly installed existing Security Gateway to the new SmartCenter server.
- Establish the SIC between the new SmartCenter server and the existing Security Gateway.
- Make any necessary adjustments for the network objects, rule base, network address translation rules, desktop security rules etc.
- Install new licenses for the new SmartCenter Server
- Install the policy
Those are the simplest steps in my experience. Don’t hesitate to drop some comments if you have any questions regarding this guide.
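An added example, not part of the original guide: a check that the archive written by upgrade_export on the UTM-1 arrives intact on the Smart-1 before upgrade_import is run. It assumes the export is a gzip-compressed tar (.tgz) and that a SHA-256 digest was recorded on the source machine; the function names are hypothetical and the tools (sha256sum or shasum, tar) are assumed to be available where the check runs.

```shell
#!/usr/bin/env bash
# Added example: integrity gate for the upgrade_export archive.
# Function names are hypothetical; they are not Check Point utilities.

# Print the lowercase hex SHA-256 digest of a file.
export_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_export ARCHIVE EXPECTED_SHA256
# Return codes:
#   0  archive is present, matches the recorded digest, and lists cleanly
#   2  archive is missing or empty
#   3  digest differs from the one recorded on the source machine
#   4  archive is not a readable gzip tar (assumed export format)
verify_export() {
    archive=$1
    # Normalise the expected digest so upper-case hex also compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -s "$archive" ]; then
        echo "missing or empty archive: $archive" >&2
        return 2
    fi

    actual=$(export_digest "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive" >&2
        return 3
    fi

    # A matching digest only proves the copy is faithful; also confirm the
    # archive itself can be listed, in case the export was cut short.
    if ! tar -tzf "$archive" >/dev/null 2>&1; then
        echo "not a readable .tgz: $archive" >&2
        return 4
    fi
    return 0
}

# Stand-alone use: script.sh <archive> <sha256 recorded on the source>
if [ "$#" -eq 2 ]; then
    verify_export "$1" "$2"
fi
```

Record the digest on the UTM-1 right after the export finishes, and run the check on the copy that upgrade_import will actually read.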