Create an SCP user account on Check Point SecurePlatform

SCP is used to securely transfer files to and from the Check Point gateways or Security Management Servers. The following instructions provide information on how to configure SCP access on SecurePlatform (SPLAT)

  1. Connect to the server via console or SSH
  2. Login to expert mode
  3. Create a user account, type “adduser
  4. Set the password, type a password “SECUREPASSWORD
  5. Change the shell for the new user account, type “chsh –s /bin/bash SCP
  6. Exit expert mode
  7. Test the account by using an SCP client such as WinSCP to connect to the server and transfer files

Setting the shell of the user account can also be accomplished another way.

  1. Edit the passwd file, type “vi /etc/passwd
  2. Press “i” to start enable input and modify the line which starts scp: and replace cpshell with bash
  3. Press – ESC :W! (to save)
  4. Press and hold – CTRL ZZ (to exit the program)
  5. Exit out of expert mode

Migrate Check Point Security Management Server to new hardware

When upgrading Check Point Security Management Server aka Smartcenter to a newer version I prefer to perform a fresh install and migrate the existing database to new hardware. Refer to the Check Point upgrade map here for valid upgrade paths. In my scenario I was running R71.30 on SecurePlatform (SPLAT) and was only able to directly upgrade R75.20, the procedure below describes the steps performed. Perform these steps in a lab environment to fully test and understand the procedure.

Upgrade the migration tools on the old server

Before exporting the database, the upgrade tools on the existing server need to be upgraded to the version being migrated to.

  1. Download the “Management Server Migration Tools” for R75.20 from the Check Point website.
  2. Extract the contents of “Management Server Migration Tools” .tgz
  3. Use SCP and copy the contents and replace the upgrade_tools directory on the existing R71.30 server /opt/CPSuite-R75.40/fw1/bin/upgrade_tools

Continue reading “Migrate Check Point Security Management Server to new hardware”