How to migrate firewalls between domains

This is in rough shape, I haven’t sanity checked it. Just did this and slammed this together so I wouldn’t forget. Hope it is helpful.

  1. mdsenv <DOMAIN>
  2. mcd bin/upgrade_tools
  3. ./migrate export /var/log/tmp/givenameofexportfile.tgz
  4. Create new DMS, do NOT start it
  5. Import the tgz file
  6. You will get warnings that the ICA is the same as another domain. Ignore for now.
  7. Do NOT start the DMS
  8. Make backups of the objects_5_0.C file!!! Can’t lose this
  9. Make sure you delete the VPN cert or it will complain when you import into the new domain. In vi, put your cursor by the :certificate and do a ‘d%’; vi will delete the 25 lines within the enclosed brackets. Do this for every VPN cert. You will have to recreate the certs if you are using VPNs.
  10. If you import global objects for some reason, you will get duplicates when you re-import. You can make them local by:
    mdsstop_customer DOMAIN
    vi objects_5_0.C
    :.,$s/global_level(1)/global_level(0)/g
    mdsstart_customer DOMAIN
  11. You can then delete them en masse in dashboard. You can select multiple at a time and delete.
  12. Continue on my other blog to create ICA and resic
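
Steps 8 and 10 as a script, added here as an example and not part of the original post: it takes a timestamped backup of objects_5_0.C and verifies it before applying the same substitution as the vi command, to the whole file rather than from the cursor down. The function name `localize_globals` and the backup naming are assumptions; run it only while the domain is stopped (mdsstop_customer DOMAIN).

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage after sourcing this file: localize_globals objects_5_0.C
# Prints the number of lines that contained global_level(1) before the edit.
# Returns non-zero, leaving the file untouched, if the backup or rewrite fails.
localize_globals() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Step 8: keep an untouched copy first, and never overwrite an older backup.
    backup="$file.bak.$(date +%Y%m%d%H%M%S).$$"   # naming scheme is an assumption
    [ ! -e "$backup" ] || { echo "backup already exists: $backup" >&2; return 1; }
    cp -p "$file" "$backup" || return 1
    cmp -s "$file" "$backup" || { echo "backup differs from source" >&2; return 1; }

    # grep -c exits 1 when the count is 0, so do not treat that as an error.
    before=$(grep -c 'global_level(1)' "$file" || true)

    # Step 10: the substitution from the vi command, written to a scratch file.
    tmp="$file.tmp.$$"
    sed 's/global_level(1)/global_level(0)/g' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Sanity checks before touching the real file: nothing left to convert,
    # and the line count is unchanged (a substitution must not add or drop lines).
    if grep -q 'global_level(1)' "$tmp"; then
        rm -f "$tmp"; echo "rewrite incomplete" >&2; return 1
    fi
    if [ "$(wc -l < "$file")" -ne "$(wc -l < "$tmp")" ]; then
        rm -f "$tmp"; echo "line count changed" >&2; return 1
    fi

    # Write back in place so the original owner and permissions are kept.
    cat "$tmp" > "$file" || return 1
    rm -f "$tmp"
    echo "$before"
}
```

If anything goes wrong after the edit, copy the `.bak.*` file back over objects_5_0.C before running mdsstart_customer.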

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.