Note: Before changing the IP Address of the Security Management, see sk103356 - How to renew SIC after changing IP Address of Security Management Server.

Procedure:

1. Log in to your account in Check Point User Center.
   
   
2. Update the licenses for the new IP Address of the Security Management Server.
   
   
3. Download these licenses.
   
   
4. Take a backup of the Security Management Server.
   For Gaia OS, see the Gaia Administration Guide for your version.
   For SecurePlatform OS, see the SecurePlatform Administration Guide for your version.
   
   
5. Export the management database:
   
   
   • For R80.20 and higher:
     Use the "migrate_server export" command.
     
     
   • For R80.10 and lower:
     Use the "migrate export"
   
   See the CLI Reference Guide for your version.
   
   
6. Move the OS backup and the management database export from this Security Management Server to a secure location. Compare the MD5 hash values values of the copied files to make sure they are not corrupted.
   
   
7. Connect with SmartConsole (R80 and higher) / SmartDashboard (R77.30 and lower) to the Security Management Server.
   
   
8. Edit the Security Management Server object:
   
   
   1. Change the object's current IP Address to the new IP Address.
      
      
   2. From the left tree, click Network Management (SmartConsole R80 and higher) / Topology (SmartDashboard R77.30 and lower) and change the IP Address on the interface to match. Otherwise, there will be a conflict.
      
      
   3. Click OK.
      
      
9. Publish the session (in SmartConsole R80 and higher).
   
   
10. Close all SmartConsole / SmartDashboard windows.
    
    
11. Stop the Check Point services:
    
    
    1. Connect to the command line on the Security Management Server.
       
       
    2. Run: cpstop

12. Change the IP Address on the corresponding interface in the operating system:

    • In Gaia, use Gaia Clish or Gaia Portal.
      See the Gaia Administration Guide for your version.

    • In SecurePlatform, use the sysconfig command.
      See the SecurePlatform Administration Guide for your version.

    Important: If Security Management Server has only one interface, you must connect through the serial console.

13. Install a license with the new IP Address.
    
    
14. Start the Check Point services.
    Run: cpstart
    
    
15. Connect with SmartConsole (R80 and higher) / SmartDashboard (R77.30 and lower) to the Security Management Server.
    
    
16. Install the database on all servers:
    
    
    • In SmartConsole (R80 and higher), click the Menu button > Install database > select all servers > click Install.
      
      
    • In SmartDashboard (R77.30 and lower), click the Policy menu > Install database > select all servers > click Install.

Notes:

1. Because the hostname (name of the Security Management Server) has not been changed, SIC communication should not be affected, as long as the routing is correct.
   
   
2. Make sure that there is connectivity between the Security Management Server and the managed Security Gateways by adding a rule that allows the new IP address and pushing policy to all managed Security Gateways.
   
   
3. On your DNS Server, map the host name of your Security Management Server to the new IP address.

 

Related solutions:

• sk65451 - How to change the IP address of an Endpoint Management Server?
  
  
• sk74020 - How to change the IP address of a Multi-Domain Server or a Domain Management Server?
  
  
• sk103356 - How to renew SIC after changing IP Address of Security Management Server?

Imported from Nokia support database