CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
2. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
3. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Management High Availability
Reload this Page Managment HA
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-09-24
zarcoff zarcoff is offline
Member
  
Join Date: 2006-07-06
Posts: 70
Rep Power: 3
zarcoff has an average reputation (10+)
Default Managment HA
Hi All

Could some please explain how to configure Managment ha on a windows platform using NGX.



Cheers
Zarcoff
Reply With Quote
  #2 (permalink)  
Old 2006-09-24
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 810
Rep Power: 3
northlandboy has an average reputation (10+)
Default Re: Managment HA
1/Install primary management server and firewalls

2/Install SmartCenter Server on a secondary management station. At install time, configure it as a secondary management server.

3/Create a secondary management server in SmartDashboard. Establish SIC. Install database on the secondary management server (important for logging failover).

4/ Policy -> Management High Availability - synchronise the secondary.

5/ Global Properties -> Management HA - configure the options you want for automatic sync.

6/ On each firewall object, change the masters to include both management stations. Configure the logging as required - generally you will configure it to log to one of the management stations, then fail over to the other if required. Install policy to the firewalls.

That's pretty much all there is to it. Of course, if there are any firewalls between the management stations, they will need to be updated to allow comms between the management stations.
Reply With Quote
  #3 (permalink)  
Old 2006-09-25
osantiago774 osantiago774 is offline
Junior Member
  
Join Date: 2005-09-19
Posts: 2
Rep Power: 0
osantiago774 has an average reputation (10+)
Default Re: Managment HA
Has anyone do HA with each Management server hanging off a DMZ of each firewall at two locations. I have have trouble SICing the second management server.
Reply With Quote
  #4 (permalink)  
Old 2006-09-25
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 810
Rep Power: 3
northlandboy has an average reputation (10+)
Default Re: Managment HA
Yes. I've done this many times. You need to allow a fair bit of comms between the two management stations - e.g CPD, CPD_amon, CP_redundant, etc. There's probably a definitive list around somewhere.

Check your routing, and check what your logs are telling you - are you seeing any drops between the two management stations (I know, it's not the ideal way to do it, but sometimes necessary)
Reply With Quote
  #5 (permalink)  
Old 2006-09-27
xiaolonguk xiaolonguk is offline
Junior Member
  
Join Date: 2006-09-27
Posts: 2
Rep Power: 0
xiaolonguk has an average reputation (10+)
Default Re: Managment HA
Guys,

Im wondering if you can help. I have configured my secondary SCS, created the checkpoint host on the primary SCS, confirmed SIC is working. I can push the masters policy down to the Secondary SCS, but the "Management High Availability" Button is greyed out. What am I missing here? Both SCS have enterprise licenses installed. They are sat on the same LAN, so no protocol blocking. Everything I have read, confirms what I have done, but..... its not working :(
Reply With Quote
  #6 (permalink)  
Old 2006-09-27
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 810
Rep Power: 3
northlandboy has an average reputation (10+)
Default Re: Managment HA
Could you just clarify what you mean by "can push the masters policy down" - are you referring to doing a database install?

Also, do you mean the "Management High Availability" menu option, not button?

And I take it the object has "Secondary Management Server" checked in the object definition?
Reply With Quote
  #7 (permalink)  
Old 2006-09-28
xiaolonguk xiaolonguk is offline
Junior Member
  
Join Date: 2006-09-27
Posts: 2
Rep Power: 0
xiaolonguk has an average reputation (10+)
Default Re: Managment HA
Yes I can install the Masters DB

Yes you are correct the menu option

And Yes, on the Primary SCS, I have set the Secondary option for the object, and also confirmed SIC status.

When I use SmartView Monitor, and query the status of the Secondary SCS, i get an error message saying the CA DB hasnt be initalised?
Reply With Quote
  #8 (permalink)  
Old 2008-07-28
michael.wu michael.wu is offline
Junior Member
  
Join Date: 2008-07-27
Posts: 1
Rep Power: 0
michael.wu has an average reputation (10+)
Default How to create a CMA High Availability through Provider 1/Site-manager 1?
Hi,How to create a CMA High Availability through Provider 1/Site-manager 1?Thx!
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 08:13.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0