Checkpoint: Migrate R76 Standalone Firewall to a Distributed Smartcenter and Gateways (R7x.xx)

“Database migration between Standalone and Management only machines is not supported”

The error above is observed when trying to migrate the management from a standalone firewall to a new Smartcenter for distributed architecture and appears to be more of a bug than anything else.

Luckily it is easily sorted:

1. Take an export of existing standalone management & firewall:

Download newest migration tools from https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91140 and run an export:
# $FWDIR/bin/upgrade_tools/migrate export MY_EXPORT

2. Extract the files from the MYEXPORT.tgz using e.g. 7zip. Using Notepad++ or similar, change the “configuration” and “configuration2” files to take the Firewall element out as shown in the pictures below:
Remove the “Firewall” string in “configuration” ..

configuration_1

 

 

 

.. to look like this:

configuration_2
And change the following strings in the “configuration2” file ..

configuration2_1
.. to look like this:

configuration2_2

 

 

 

 

 

 

 

 

 

 

 

 

3. Repackage the files into MY_NEW_EXPORT.tgz, copy them on to the new management center and run the import:

# $FWDIR/bin/upgrade_tools/migrate import MY_NEW_EXPORT

Job done!

Linux: scp Examples

What is Secure Copy?

scp copies files between hosts on a network. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. Unlike rcp, scp will ask for passwords or passphrases if they are needed for authentication.

Examples

Copy the file “foobar.txt” from a remote host to the local host

$ scp your_username@example.com:foobar.txt /some/local/directory

Copy the file “foobar.txt” from the local host to a remote host

$ scp foobar.txt your_username@example.com:/some/remote/directory

Copy the directory “foo” from the local host to a remote host’s directory “bar”

$ scp -r foo your_username@example.com:/some/remote/directory/bar

Copy the file “foobar.txt” from remote host “example.com” to remote host “somewhere.com”

$ scp your_username@example.com:/some/remote/directory/foobar.txt \
your_username@somewhere.com:/some/remote/directory/

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

$ scp foo.txt bar.txt your_username@example.com:~

Copy the file “foobar.txt” from the local host to a remote host using port 2264

$ scp -P 2264 foobar.txt your_username@example.com:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

$ scp your_username@example.com:/some/remote/directory/\{a,b,c\} .
$ scp your_username@example.com:~/\{foo.txt,bar.txt\} .

scp Performance

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.

$ scp -c blowfish some_file your_username@example.com:~

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:

$ scp -c blowfish -C local_file your_username@example.com:~

These examples were copied from http://www.hypexr.org/linux_scp_help.php.

VMWare: Update Standalone ESXi 5.0 to 5.1 Using a Depot Zip File

1) Download the depot file; at the time of writing the latest update is as follows and can be found here.

VMware-ESXi-5.1.0-799733-depot.zip
File size:298M
File type: zip
Release Date:2012-09-10
Build Number:799733

2) Upload the file to your datastore, in this example the file was uploaded to  “myDatastore”

3) Enable SSH on your ESXi host and on the command line, enter the following, using an absolute path to your depot file:

~ # esxcli software profile install -d /vmfs/volumes/myDatastore/VMware-ESXi-5.1.0-799733-depot.zip -p ESXi-5.1.0-799733-standard
 

4) Reboot, done!