The blog provides Network Security Tips, Tricks, How To/Procedures. Products and areas not limited to Firewalls, Security, Check Point, Cisco, Nokia IPSO, Crossbeam, SecurePlatform, SPLAT, IP Appliance, GAiA, Unix/Linux.
Home / Check Point / Firewall / Check Point - Migrate Utility to Export and Import Security Management Server Database

Check Point - Migrate Utility to Export and Import Security Management Server Database

,

Migrate utility can be used to export and import configuration database between Check Point Security Management servers. The utility backup does not include OS information. It's hardware independent and coves all Check Point configurations.

The utility comes handy when you want to upgrade Check Point Management Server. Upgrade can be done at least the following two methods,
  1. Upgrade the Check Point Management Server to higher version by installing upgrade package.
  2. Export configuration database using migrate utility, clean install higher version of Check Point, import the configuration that was exported earlier.
In most of the cases the clean install method is recommended, it would offer better software stability & performance especially when you upgrade a Security Management Server that's installed with multiple hot-fixes.

 The migrate utility can be found in $FWDIR/bin/upgrade_tools/ directory.



Syntax:


migrate <ACTION> [OPTIONS] <FILE> 
(or)
./migrate <ACTION> [OPTIONS] <FILE>

 

Usage:


ACTION (required parameter):

export - exports database.

import - imports database.

OPTIONS (optional parameters):

-l - Export/import SmartView Tracker logs.

Note: only closed logs are exported/imported.

-n - Run non-interactively.

 Note: Using the -n option, the migrate export can be executed non-interactively for automatic scheduled.

 

Example:


This is an example of migrate export operation. It's a best practice to execute cpstop. Once the export operation is completed, execute cpstart to start Security Management Server services.
[Expert@CP-SecurityManagement]#
[Expert@CP-SecurityManagement]# cpstop 
cpwd_admin:
Process SMARTLOG_SERVER terminated
evstop: Stopping product - SmartEvent Correlation Unit
Check Point SmartEvent Correlation Unit stopped
Stopping SmartReporter...
Stopping the SmartReporter Server.
Stopping the SmartReporter Log Consolidator.
Stopping SmartReporter Database.
Note:   Database shutdown takes a few minutes. rmdstart will fail while shutdown is in progress.
SmartView Monitor: Management stopped
VPN-1/FW-1 stopped
SVN Foundation: cpd stopped
SVN Foundation: cpWatchDog stopped
SVN Foundation: cpsnmpd stopped
SVN Foundation: Stopping PostgreSQL Database
SVN Foundation stopped 
[Expert@CP-SecurityManagement]# cd $FWDIR/bin/upgrade_tools/


[Expert@CP-SecurityManagement]# 
[Expert@CP-SecurityManagement]# ./migrate export /var/tmp/SecurityManagementExport.tgz 
You are required to close all clients to Security Management Server

or execute 'cpstop' before the Export operation begins.

Do you want to continue? (y/n) [n]? y 
Copying required files...
Compressing files...




The operation completed successfully. 
Location of archive with exported database: /var/tmp/SecurityManagementExport.tgz



[Expert@CP-SecurityManagement]#
[Expert@CP-SecurityManagement]# cpstart 
cpstart: Power-Up self tests passed successfully
cpstart: Starting product - SVN Foundation
SVN Foundation: Starting cpWatchDog
SVN Foundation: Starting cpd
SVN Foundation: Starting cpsnmpd
SVN Foundation: Starting PostgreSQL Database
SVN Foundation started
cpstart: Starting product - VPN-1
Local host is not a FireWall-1 module
FireWall-1: Starting fwd
FireWall-1: Starting fwm (SmartCenter Server)
FireWall-1: This is a SmartCenter server. No security policy will be loaded
FireWall-1 started
cpstart: Starting product - SmartView Monitor
SmartView Monitor: Not active
cpstart: Starting product - Eventia Suite
Starting SmartReporter...
Starting SmartReporter Server.
Done.evstart: Starting product - SmartEvent Correlation Unit
Check Point SmartEvent Correlation Unit started
cpstart: Starting product - SmartLog
cpwd_admin:
Process SMARTLOG_SERVER started successfully (pid=14895)
*****************************************************************************************************

Warning: You are required to deploy a Software Blade license instead of your NGX license.


or contact Account Services.

*****************************************************************************************************

[Expert@CP-SecurityManagement]#


Check Point - Migrate Utility to Export and Import Security Management Server Database Check Point - Migrate Utility to Export and Import Security Management Server Database Reviewed by Admin on 13:39:00 Rating: 5