How to Migrate A Single Gateway Check Point to Distributed Deployment

This guide is made for those who wants to migrate a single gateway check point to distributed deployment. In this is  environment setup I will use:

  1. One Existing Check Point Security Gateway  UTM-1 with IP address 192.168.1.1/24 (standalone deployment)
  2. One New Smartcenter appliance (I use Smart-1 appliance) with IP address 192.168.1.3/24

 

With those devices above, I want to move the configuration from standalone at UTM-1 with the IP address 192.168.1.1 to distributed deployment. Here are the simplest steps I have configured:

  1. Detach all licenses for the existing standalone UTM-1  machine
  2.  Run the upgrade_export utility on the existing standalone UTM-1  machine
  3.  Install or run the SmartCenter product.  I have the Smart-1 appliance, so in this scenario I don’ t have to install the software anymore. Just activate the SmartCenter product.
  4.  Apply the same software version and HFA on both SmartCenter server and the security gateway.
  5.  Run the upgrade_import utility on the new SmartCenter server or appliance.
  6.  Modify the host name and the IP address of single gateway network object in the SmartDashboard
  7.  Uncheck unnecessary Check Point products for the single gateway network object in the SmartDashboard
  8. If the configuration on the existing Security Gateway (UTM-1) still exists then uninstall it (scratch it).
  9. Attach the fresh installation existing Security Gateway to the new SmartCenter server.
  10. Establish the SIC between the new SmartCenter server and the existing Security Gateway.
  11. Make any necessary adjustments for the network objects, rule base, network address translation rules, desktop security rules etc.
  12. Install new licenses for the new SmartCenter Server
  13.  Install the policy

 

Those are the simplest steps from me via my experience. Don’t hesitate to drop some comments if you have any questions regarding these guide.

 

avatar
We are teams that have the same hobbies in Information Technologies and have experienced in many fields regarding Information Technologies .

Related Articles

Email
Print