When upgrading Check
Point Security Management Server aka Smartcenter to a newer version I
prefer to perform a fresh install and migrate the existing database to
new hardware. Refer to the Check Point upgrade map here
for valid upgrade paths. In my scenario I was running R71.20 on
SecurePlatform (SPLAT) and was only able to directly upgrade R75, the
procedure below describes the steps performed. Perform these steps in a
lab environment to fully test and understand the procedure.
Upgrade the migration tools on the old server
Before exporting the database, the upgrade tools on the existing server need to be upgraded to the version being migrated to.
-
Download the “Management Server Migration Tools” for R75 from the Check Point website.
-
Extract the contents of “Management Server Migration Tools” .tgz
-
Use SCP and copy the contents and replace the upgrade_tools directory on the existing R71.20 server /opt/CPSuite-R71.20/fw1/bin/upgrade_tools
Create a management database export file on the existing server
-
Login to expert mode on the existing server
-
Type “cd $FWDIR/bin/upgrade_tools
-
Run the migrate export command
“./migrate export –l <EXPORTED DATABASE NAME>.tgz”
Once the export has been complete use SCP to copy the export file to a safe location.
Import the database to the new Security Management Server
-
From a client machine connect copy the backup database file to the new server via SCP. For simplicity I copy the database export to the same location as the upgrade tools ($FWDIR/bin/upgrade_tools)
-
Login to expert mode on the new server
-
Type “cd $FWDIR/bin/upgrade_tools
-
Type “./migrate import BACKUPFILENAME.tgz
-
When prompted to stop all Check Point services, type “Y” – ENTER
-
Once the import procedure has completed it will prompt to start Check Point services, type “Y” – ENTER
-
Disconnect the old server from the network
-
Connect the new server to the network
-
Connect to the smartcenter using the correct SmartDashBoard version.
