Prior to this project, our customer was utilizing an older Checkpoint Unified Threat Management (UTM) solution. However, the aging equipment, performance issues, and the growing demand for a state-of the-art security solution prompted the need for a modern replacement. The goal was to implement an advanced UTM system that would enhance the bank's overall security framework. The scope of the project encompassed the following tasks:
1. Delivery of All Items: as per the custemer request.
2. Network Assessment: Understanding the current network architecture and proposing a logical design for the
upgrade.
3. Solution Implementation: Physical inspection of delivered equipment, Rack mounting and powering on all devices, Initial configuration and licensing, Ensuring the hotfix version of the new appliance matches the old appliance, Database migration from the old Security Management Server (SMS) to the new system and then finally Migration (Go-Live) and verification of the services.
During the implementation, the team encountered three significant challenges:
A) Access Denial After Database Migration
After migrating the database from the old appliance to the new one, the me and my team faced an unexpected issue
where access to the new appliance was completely denied.
Upon investigation, it was discovered that user access policies from the old appliance had been
migrated to the new one, causing the lockout.
The team resolved this by performing a factory reset, regaining access to the appliance, and ensuring
continued implementation.
B) Licensing Issue
Applying the licenses proved to be a major time-consuming challenge. Despite trying multiple
scenarios, the issue persisted.The team created a support case with Checkpoint's technical team, only to discover that the licenses
were set to activate on a specific future date. Once the activation date arrived, the licenses were
successfully applied using the original method.
C) Internet Connectivity Issue Post-Migration
Following the final migration, most services were operational. However, the Internet connection was
inconsistent, frequently unavailable, or performing very slowly.
Investigation revealed a loopback issue in the network's routing configuration. The team resolved the
routing problem, restoring full and stable Internet connectivity.
What me and my team do differently was to take a look at the challenge that we face on access levels on the old appliance before migration and do it accordingly.
