Our local MDS god figured this out. Renaming CMA/Domains
Verified on R77.10.
Note this procedure preserves SIC.
Check Point says this procedure is OK as long as the global policy doesn’t change under you.
- Remove CLM from FW cluster object logging.
- Old logs:
- User Tracker on CLM to issue log switch.
- Back up CLM logs (optional).
- Make sure to use “p” option to preserve log file timestamps:
“cp –p 2016* /var/temp-logs/”
- Delete CLM via MDG.
- Take CMA backup:
- mdsenv cma-xyz
- cd $FWDIR/bin/upgrade_tools
- ./migrate export /var/export_cma-xyz.tgz
- Delete entire old domain containing CMA.
- Create new domain & CMA with new names.
- Make sure GUI-clients is “any”.
- Use same IP address as old CMA so FW still talks to same CMA IP.
- Don’t start the CMA till after the import below.
- Import CMA objects using file /var/export_cma-xyz.tgz.
- Click “continue” to the global policy warning.
- Assign new CMA to appropriate global policy.
- Create CLM with new names. Copy logs back in.
- Tell cluster to send logs to new CLM.
- Push policy
- Install database.