How To Change CMA/Domain Name – Preserve SIC

Our local MDS god figured this out. Renaming CMA/Domains

Verified on R77.10.

Note this procedure preserves SIC.

Check Point says this procedure is OK as long as the global policy doesn’t change under you.

 

  1. Remove CLM from FW cluster object logging.
  2. Old logs:
    1. User Tracker on CLM to issue log switch.
    2. Back up CLM logs (optional).
    3. Make sure to use “p” option to preserve log file timestamps:

“cp –p 2016* /var/temp-logs/”

  1. Delete CLM via MDG.
  2. Take CMA backup:
    1. mdsenv cma-xyz
    2. cd $FWDIR/bin/upgrade_tools
    3. ./migrate export /var/export_cma-xyz.tgz
  3. Delete entire old domain containing CMA.
  4. Create new domain & CMA with new names.
    1. Make sure GUI-clients is “any”.
    2. Use same IP address as old CMA so FW still talks to same CMA IP.
    3. Don’t start the CMA till after the import below.
  5. Import CMA objects using file /var/export_cma-xyz.tgz.
    1. Click “continue” to the global policy warning.
  6. Assign new CMA to appropriate global policy.
  7. Create CLM with new names.  Copy logs back in.
  8. Tell cluster to send logs to new CLM.
    1. Push policy
    2. Install database.
By Dreezman, on April 15, 2016 at 6:53 am, under Uncategorized. No Comments
Post a comment or leave a trackback: Trackback URL.

Leave a comment

Helen's Loom

"The most difficult thing is the decision to act, the rest is merely tenacity." -Amelia Earhart

Life Stories from Dreez

These are stories from my travels. Generally I like to write stories about local people that I meet and also brag about living the retirement dream with my #1 wife Gaby. She is also my only wife.