Support Center > Search Results > SecureKnowledge Details
How to migrate Domains with VSX object from Management server to another in the same version Technical Level
Solution

In scenario where the IP address of the Domain Server has to be changed, the VSX gateway needs to allow traffic from the New IP. If not allowed, policy installation and configuration push will fail.

  1. In the RuleBase, create a new rule from source Any (NEW_IPrange ), to VSX Gateway, with servcie Any .

  2. To export the relevant domain run the below command: (Note - if the VSX is hosted over several domains, you must export ALL CMAs which are relevant to this VSX gateway.)

    # mgmt_cli migrate-export-domain domain "<domain name\uid>\" file-path "<full path>" ignore-vsx-validation true -r true

    Sample :
    # mgmt_cli migrate-export-domain domain "MAIN" file-path "/home/admin/main.tgz" ignore-vsx-validation true -r true

    Note: If exporting from Security Management, there is no need to use the "ignore-vsx-validation" flag

  3. Transfer the export file to the target MDS

  4. Import using the below commands:

    If you wish to keep the domain and DMS name and IP:

    # mgmt_cli migrate-import-domain file-path </path/to/filename.tgz>

    If the domain and DMS name and IP are changed during the migration:

    # mgmt_cli migrate-import-domain file-path </path/to/filename.tgz> domain-name <new domain name> domain-server-name <new DMS name> domain-ip-address <DMS IP> –r true

    Sample
    # mgmt_cli migrate-import-domain file-path "/home/admin/MAIN.tgz" domain-name "VSX_Infra" domain-server-name "VSX_infra_Server" domain-ip-address "10.1.1.71" -r true

    Note: If the domain name is changed, you need to use GuiDbedit to edit the new name of the main_customer and target_customer parameters for each network object and vs_slot_object (do this for each VS in the cluster):

    1. Open GuiDbedit to the target DMS (DMS that holds the VS object).

    2. In the left upper pane, go to Table - Network Objects - network_objects.

    3. Search for the VSs name.

    4. In the network object, find the field "main_customer" and edit it to be the same as the new name of the main DMS (DMS that holds the VSX gateway). Save the changes.

    5. Open GuiDbedit to the main DMS (DMS that holds the VSX gateway).

    6. In the left upper pane, go to Table - Network Objects - vs_slot_objects.

    7. Search for the VS's name.

    8. In the VS object, find the field "target_customer" and edit it to be the same as the new name of the target DMS (DMS that hold the VS object). Save the changes.

    9. Note that main_customer parameter under the network object for the VSX gateway should be empty.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment