Note: Before changing the IP Address of the Security Management, see sk103356.
The following steps should be followed when changing the IP Address of the Security Management:
- Access UserCenter and update the licenses for the new IP Address of the Security Management.
- Download these licenses.
- Perform a complete backup of the system.
- As a secondary backup use the migrate_export utility to perform an export of the Security Management. This utility is located in the
$FWDIR/bin/upgrade_tools/ directory on the Security Management. To run this utility, run the following command:
$FWDIR/bin/upgrade_tools/migrate export [filename]
NOTE: For R80.10, it is highly recommended to perform a regular backup instead of using the migration tools.
- Ensure that the system backup, as well as the exported configurations, are moved to a secure location and MD5 values are verified.
- Login to the Security Management with SmartDashboard (with SmartConsole in R80.x).
- Edit the Security Management object and change the current IP Address to the new IP Address.
Note: Also, access the Topology tab of the object and change the IP Address on the interface to match. Otherwise, there will be a conflict.
- Save the policy and close SmartDashboard. (Publish and close SmartConsole in R80.x)
- Stop the Check Point services by running
Change the IP Address in the OS (in Gaia, use Gaia Clish or Gaia Portal).
Note: If Security Management has only one interface, then your connection to Security Management will be interrupted when you change the IP address. You will need to reconnect.
- Install a license with the new IP Address.
- Restart the Check Point services by running
- Since the hostname (name of the Security Management) has not been changed, SIC communication should not be affected, as long as the routing is correct.
- Make sure that there is connectivity between the Security Management and the managed Security Gateway(s), and that DNS resolution is to the new IP Address.
3. If the DNS does not resolve to the new IP, you will need to reset SIC to confirm the change.
Imported from Nokia support database