I have tested some tools usable for CMA migration and honestly I do not have more luck as earlier. The Software Version I used is R70.40 but the tools are from R75.
For migrate export command I mounted the R75 ISO image under R70.40.
The IP of the CMA is 2.2.2.2
1. Export CMA
-change to my cma enviroment: [Expert@provider1]# mdsenv 2.2.2.2 -check if we are there: [Expert@provider1]# echo $FWDIR -issue the command as documented: [Expert@provider1]# /var/opt/export_tool/migrate_tool/migrate export /var/log/CMA_EXPORT/mycma1 |
2. Export Global Policy:
-change to mds level: [Expert@provider1]# mdsenv -check if we are there: [Expert@provider1]# echo $FWDIR -issue the command as documented: [Expert@provider1]# /var/opt/export_tool/migrate_tool/migrate export /var/log/CMA_EXPORT/exported_global_db.tgz |
3. Import global policy
The target MDS has the same version and the same IP as the source MDS. Its a test enviroment separated from the live enviroment…
-issue the command as documented on the target MDS: [Expert@provider1]# migrate_global_policies /var/tmp/CMA_IMPORT/exported_global_db.tgz Welcome to the Global Policies Migration Utility. Error: /var/tmp/CMA_IMPORT/exported_global_db.tgz does not include directory export_db failed to extract file /var/tmp/CMA_IMPORT/exported_global_db.tgz. |
Here the first but not the last error message. I have found an SK against this:
sk33662- How to resolve the error message “The source database is missing the registry file” – This has not worked for me!
4. Import cma
[Expert@provider1]# cma_migrate /var/tmp/CMA_IMPORT/mycma1.tgz /opt/CPmds-R70/customers/mycma1/CPsuite-R70/fw1/ Error: /var/tmp/CMA_IMPORT/mycma1.tgz does not include directory export_db failed to extract file /var/tmp/CMA_IMPORT/mycma1.tgz. |
Here is the error message again. I have found an SK against this:
sk33662- How to resolve the error message “The source database is missing the registry file” – This has not worked for me! The document suggest to use migrate_assist, but how it works is not clear…
5. New export_database tool
After searching on the checkpoint support page I have found a new articel (for me at least) and tried it.
sk42704 – The export_database utility
The binary used for this is documented as following:
R70 upgrade tools for Provider-1, Solaris 2 Brief Description Details: File Name: P1_Solaris2_upgrade_tools.tgz Product: Multi-Domain Management / Provider-1 Version: R70 OS: Solaris, SecurePlatform ------------------> BULLSHIT! it is not working under Secureplatform, it may be compiled for Solaris, I guess. MD5: 56c52ad759616aa78cf9cd618a7e524d Size: 207.70 KB Date Published: 1/20/2011 0:0:0 File Revision: |
6. Summary for the tools I have tested under SPLAT under R70.40:
p1_upgrade_tools.tgz --> "migrate export" works but its output is not importable with "cma_migrate"... P1_Solaris2_upgrade_tools.tgz --> It does not work under SPLAT! SPLAT_p1_upgrade_tools.tgz --> works, but not publicly available anymore...? |
The command mds_backup and mds_restore works as it should. It could be used to migrate a CMA. I mean after the restore we can delete the CMAs we do not need in the target MDS system, but be carefull the mds_restore deletes all existing cmas before the restoring the new cma config. SK for mds_backup and mds_restore is sk41298 and sk56388 and the official installation and upgrade guide document.
Maybe I have more luck with the migrate command after an upgrade to R75. Update comes soon.
itsecworks 
Posted on October 28, 2012
0