The hostname of the Smartcenter is an issue not because of license, but
because the Internal Certificate Authority (ICA) was initialized with that
hostname, if you load an upgrade_export file to a new smartcenter with
different hostname the ICA gets corrupted and the only way around it is
reinitializing it, which is a real pain (you have to backup files, delete
files and manually modify some others).
If you already did this, you have two options, follow that procedure or just
do a reinstall and set the correct hostname before doing the import, which I
would consider a lot easier if you are running SPLAT because it reinstalls
everything pretty fast.
If you have no way around it and you MUST change the hostname of your
SmartCenter, then follow the ICA reinitialization procedure. Attached I have
included a txt file with the best documented procedure I have found, the
ones from the SecureKnowledge were not so detailed, but this one for the
Nokia knowledgebase worked great for me once, even though I was not working
with Nokia boxes back then.
Hope this info is useful.
Regards
On 8/27/06, Marendra Nutriaji <marendra AT itpro.co DOT id> wrote:
Hi, thank you Reinhard,
I think I successfully doing it. However, the hostname the new firewall is
different.
How can I change the name of primary smartcenter? I heard It has relation
with license, how can I do that?
Thanks
-----Original Message-----
From: Reinhard Stich [mailto:r.stich AT INTERNET-SECURITY DOT AT]
Sent: Saturday, August 26, 2006 10:11 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] AW: [FW-1] migration problems
hi,
first of all you have to define a new host-object for your new
smartcenter-server and make it a smartcenter-server only. disable the fw1
running there.
then create a new object for your nokia and setup SIC.
cheers
reinhard
--
Reinhard Stich r.stich AT internet-security DOT at
Internet Security AG www.internet-security.at
** Check Point Connectra secured WebMail **
-----Ursprüngliche Nachricht-----
Von: Mailing list for discussion of Firewall-1 im Auftrag von Marendra
Nutriaji
Gesendet: Sa 26.08.2006 04:08
An: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Betreff: [FW-1] migration problems
Hi,
Iam new in checkpoint. So i really need help regarding to migration
issues.
I have one stand alone checkpointsecure platform. It is the firewall
module and primary smartcenter.(Machine A)
Then, i have 1 Nokia IP 390 platform (Machine B), and 1 Smart Center
Server (SCS) based on Secureplatform.
What iam trying to do:
Starting point: Machine A --> SCS and Firewall Module
End Point: Machine B -- >Firewall Module which has the same imported rule
from Machine A
SCS --> Primary Smart Center Managemnet Server which manage the
Machine B
Basically, i want to split the scs and firewall module into another 2
servers.
What i have done:
1. Install checkpoint in Nokia
2. Install new SCS server
3. export configuration from Machine A using upgrade export_tools
4. import the exported configuaration to the new SCS server
The last step done without errors. Nut i realized i have exported the
Primary Smartcenter configuration, so when i tried to
reinitialize the SIC in SCS server (un smartdashboard connected to new scs
server) to make new SCS server and Nokia
communicate, i can't, it was greyed out.
How can i make it not become primary smartceenter, or are there any steps,
links, suggestions, based on experience, or
concept. to splitting that machine A into 2 new machine?
There is a link CP knowledgebase, but i still confused about it.
I hope anyone could help me...
Thank you in advance
Best Regards
marendra
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
--
Sergio Alvarez
(506)8301342
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
reset-SIC-forcibly-Nokia.txt
Description: Text document
|
