Support Center > Search Results > SecureKnowledge Details
How to change the IP Address of a Security Management Server? Technical Level
Solution

Note: Before changing the IP Address of the Security Management, see sk103356 - How to renew SIC after changing IP Address of Security Management Server.

Procedure:

  1. Log in to your account in Check Point User Center.

  2. Update the licenses for the new IP Address of the Security Management Server.

  3. Download these licenses.

  4. Perform a complete backup of the system.

  5. As a secondary backup, use the "migrate export" command to export the Security Management Server database.
    This utility is located in the $FWDIR/bin/upgrade_tools/ directory on the Security Management Server.
    Syntax:
    $FWDIR/bin/upgrade_tools/migrate export [filename]

    NOTE: For R80.10, it is highly recommended to perform a regular backup instead of using the migration tools.


  6. Ensure that the system backup, as well as the exported configurations, are moved to a secure location and MD5 values are verified.

  7. Connect with SmartConsole (R80 and higher) / SmartDashboard (R77.30 and lower) to the Security Management Server.

  8. Edit the Security Management Server object:

    1. Change the object's current IP Address to the new IP Address.

    2. From the left tree, click Network Management (SmartConsole R80 and higher) / Topology (SmartDashboard R77.30 and lower) and change the IP Address on the interface to match. Otherwise, there will be a conflict.

    3. Click OK.

  9. Publish the session (SmartConsole R80 and higher).

  10. Close SmartConsole / SmartDashboard.

  11. Stop the Check Point services:

    1. Connect to the command line on the Security Management Server.

    2. Run: cpstop
  12. Change the IP Address on the corresponding interface in the operating system:

    • In Gaia, use Gaia Clish or Gaia Portal

    • In SecurePlatform, use the sysconfig command

    Note: If Security Management Server has only one interface, you must connect through the serial console.

  13. Install a license with the new IP Address.

  14. Start the Check Point services.
    Run: cpstart

Notes:

  1. Because the hostname (name of the Security Management Server) has not been changed, SIC communication should not be affected, as long as the routing is correct.

  2. Make sure that there is connectivity between the Security Management Server and the managed Security Gateway(s) by adding a rule that allows the new IP address and pushing policy to all gateways.

    Also, make sure that DNS resolution is applied to the new IP address. If the DNS does not resolve to the new IP address, you will need to reset SIC to confirm the change.

 

Related solutions:

Imported from Nokia support database

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment