June 12, 2014 by Sean Doggett
Ever found yourself locked out of a Check Point Security
Management server during a migration where the IP addressing of the management
server is changing? Sean Doggett takes us through an adventure with the Check
Point DBEDIT tool.
Changing the IP address of a management server can be tricky and doesn’t just require an administrator to change the IP address of the interface (Although an intrinsic component of the relocation to a new IP address of course). When migrating a management server to a new IP address there are a few Key things to consider. Licensing is most probably top of the list and is also where most people become unstuck. Any central licenses associated with the Management Server are tied to the IP address and therefore will need to be changed and reattached. The question is when to apply these newly readdressed licenses. I’d argue that at the start of the migration before taking a “migrate export” is probably the best option. The next thing to remember when migrating a management server to a new IP address is to change the address of the management server object in SmartDashboard before doing the “migrate export” which is where I may have slipped up. This is where the dbedit tool came to my rescue. The dbedit tool comes in two different flavours; a GUI which can be obtained from the Check Point website, and of course, via the CLI. Having done a “migrate import” on the management server I had freshly built I found myself unable to connect via the GUI client remotely so I used the console connection and used the following command structure:
dbedit
modify network_objects
I must add a disclaimer that thos tool should only be used if you are whole hartedly certain you know what you are doing. For those of you that brave it, I hope its use gets you out of a sticky situation.
