PDA

View Full Version : Need Help, how to manage CP HA Cluster from another Smart-1 Appliance



xeveda
2016-09-25, 21:13
Hi all,

Currently we have 2 production CP 4000 series clusters.
Cluster A R75: Smart1-5 + 2 HA CP4200
Cluster B R76: Smart1-5 + 2 HA CP4200

Few days ago Smart-1 B appliance failed due to storage problem.
Unfortunately i don't have configuration backup of Smart-1 B.

My questions are:
1. Is it possible to manage Firewalls in cluster B with Smart-1 A while keeping current FW config of both clusters?
2. If (1) is yes, what steps should i do?
3. Is it require down time?

Many Thanks,
Koes

jflemingeds
2016-09-26, 12:32
oof.. no backups..

yes you can manage the cluster from your smart-1. Problem is you will not be able to import its configuration. In additional adding the cluster to the smart-1 will cause the cluster's firewall configuration to be removed. In addition to that it will also reset cluster configuration. Meaning you'll have to do it again.

Full outage until you have recreated the firewall cluster and policy (and nats, VPNs, everything) in the new management server.

I would say you should back up the cluster with no working management server ASAP. This way you can always at least get the firewall back to a working state.

Checkpoint Professional Services might be able to help out getting a configuration off the cluster with no management server if you need help.