Mgmt HA Hostname Change

[Testing-123]

Hello All,

I have a HA pair of R65 Check Point smart centres on Windows 2003. The active is called alpha-1 and the passive is called alpha-2. There is a requirement to rename them to alpha-active and alpha-standby respectively. No VPN's are defined in any of the policies and administrators access to smart dashboard is via Check Point passwords.

Has anyone done this in a HA environment? Any advice on how to go about it to minimise disruption to firewall admins/NOC who will be using tracker during the upgrade for BAU....

Regards
Testing-123

[Routerkid1]

on the active

The first thing you need to do is make sure all of the firewall objects managed have the vpn option unchecked. This will revoke any certs issued.

Then you need to go to the command line and type in fwm sic_reset. This will destroy the ica. You can change the hostname at this point and reboot.


Once the box is up click on Start >Run and type cpconfig. You will see an option for the cert/ica. Just click OK to Create the ICA with the new hostname.


Reset sic on the backup mgmt via cpconfig and change the hostname on the box.


Login to the Active Smart Dashboard and delete and recreate the backup mgmt object with the new sic key and hostname


Click on Policy > HA and force a sync from the Primary to the backup.

[Testing-123]

Hi Routerkid1,

Thank you for your reply. I'm comfortable with the process you've described as i built the HA pair using an exported config so i'm familiar with the possible issues i may encounter.

But as always, i use this forum as a santiy check and a knowledge base and have just realised i will have to resic the modules to the SC after the host name change as the ICA would have changed and i cannot remember the SIC key on the modules! But i'm running VRRP clusters so this should not be a major issue but something (important) that slipped my mind (*duhn*)

Thanks once again.

Regards
Testing-123