Re: [FW-1] Migrating firewall from box to box

[Reinhard Stich [Permanent Link]]

hi,
 
the answer is:
yes - you have your fw1-config on the new system now but not the OS-config 
(IPs, routing, hostname etc).
 
with the different hostname fw1 will not start. so if you change your hostname 
and IPs you should have your setup again ...
 
cheers
reinhard

        -----Ursprüngliche Nachricht----- 
        Von: RoNNY [mailto:ronnynussbaum AT GMAIL DOT COM] 
        Gesendet: Mi 24.08.2005 23:36 
        An: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM 
        Cc: 
        Betreff: Re: [FW-1] Migrating firewall from box to box
        
        

        Lino and Hal, thanks for your responses, however, they do not answer
        the question that I asked...
        
        -RoNNY
        
        On 8/24/05, Lino Eduardo Avila Rodríguez <leavila AT scitum.com DOT mx> 
wrote:
        > You can use the backup utility for SPLAT, the command is just backup.
        >
        >
        > Greetings,
        >
        >
        > Lino E. Avila
        >
        >
        >
        > -----Original Message-----
        > From: Mailing list for discussion of Firewall-1
        > [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf 
Of RoNNY
        > Sent: Wednesday, August 24, 2005 2:18 PM
        > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
        > Subject: [FW-1] Migrating firewall from box to box
        >
        > This was probably asked 15 gazillion times already, but I was 
wondering if
        > someone knows a sure and best way to get this done.
        >
        > I have a very simple config: Splat R55 HFA 14 on one single box. That
        > is: management and enforcement are one.
        >
        > I want to move this thing to a new server.
        >
        > So I went and bought an HP DL380 G4, and got the CD with R55 HFA 12.
        > (this, by the way, happened only after dealing with two great guys at
        > Checkpoint who gave me the ISO).
        >
        > Anyway, here's what I did:
        >
        > 1) Exported my configuration to a remote TFTP server.
        > 2) Loaded R55 HFA 12 on the new box.
        > 3) This is the part that got be a bit confused. I thought: "well...I 
loaded
        > the thing, I can now import my configuration, and tada! It'll work!", 
but
        > no. I had to go through sysconfig, as if I'm installing a new server, 
and
        > then I rebooted.
        >
        > Now, I decided to skip setting the hostname, routing, NICs, etc, 
because I
        > wanted my config restored from the backup file I created earlier. 
Moving on:
        >
        > 4) After reboot, I restored my config. I actually put it under 
/home/admin/,
        > and restored it with the "upgrade_import" tool. I then rebooted.
        >
        > That's it, but here's the thing: my host name is still "cpmodule", 
there's
        > no NIC definitions or anything else. I didn't connect yet with the
        > SmartDashboard, but I assume that the rulebase is there.
        >
        > My question is: do I have an identical server now, and it's only 
missing the
        > NICs, Routing, etc configuration, or did I do something wrong?
        >
        > I guess I was expecting a full blown restore of my entire server, and 
this
        > didn't happen.
        >
        > Thanks
        >
        > -RoNNY
        >
        > =================================================
        > To set vacation, Out-Of-Office, or away messages, send an email to
        > LISTSERV AT amadeus.us.checkpoint DOT com
        > in the BODY of the email add:
        > set fw-1-mailinglist nomail
        > =================================================
        > To unsubscribe from this mailing list,
        > please see the instructions at
        > http://www.checkpoint.com/services/mailing.html
        > =================================================
        > If you have any questions on how to change your subscription options, 
email
        > fw-1-owner AT ts.checkpoint DOT com
        > =================================================
        >
        > =================================================
        > To set vacation, Out-Of-Office, or away messages,
        > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
        > in the BODY of the email add:
        > set fw-1-mailinglist nomail
        > =================================================
        > To unsubscribe from this mailing list,
        > please see the instructions at
        > http://www.checkpoint.com/services/mailing.html
        > =================================================
        > If you have any questions on how to change your
        > subscription options, email
        > fw-1-owner AT ts.checkpoint DOT com
        > =================================================
        >
        
        =================================================
        To set vacation, Out-Of-Office, or away messages,
        send an email to LISTSERV AT amadeus.us.checkpoint DOT com
        in the BODY of the email add:
        set fw-1-mailinglist nomail
        =================================================
        To unsubscribe from this mailing list,
        please see the instructions at
        http://www.checkpoint.com/services/mailing.html
        =================================================
        If you have any questions on how to change your
        subscription options, email
        fw-1-owner AT ts.checkpoint DOT com
        =================================================