CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 2 of 2

Thread: Need Help, how to manage CP HA Cluster from another Smart-1 Appliance

  1. #1
    Join Date
    2016-09-23
    Posts
    2
    Rep Power
    0

    Default Need Help, how to manage CP HA Cluster from another Smart-1 Appliance

    Hi all,

    Currently we have 2 production CP 4000 series clusters.
    Cluster A R75: Smart1-5 + 2 HA CP4200
    Cluster B R76: Smart1-5 + 2 HA CP4200

    Few days ago Smart-1 B appliance failed due to storage problem.
    Unfortunately i don't have configuration backup of Smart-1 B.

    My questions are:
    1. Is it possible to manage Firewalls in cluster B with Smart-1 A while keeping current FW config of both clusters?
    2. If (1) is yes, what steps should i do?
    3. Is it require down time?

    Many Thanks,
    Koes

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,659
    Rep Power
    10

    Default Re: Need Help, how to manage CP HA Cluster from another Smart-1 Appliance

    oof.. no backups..

    yes you can manage the cluster from your smart-1. Problem is you will not be able to import its configuration. In additional adding the cluster to the smart-1 will cause the cluster's firewall configuration to be removed. In addition to that it will also reset cluster configuration. Meaning you'll have to do it again.

    Full outage until you have recreated the firewall cluster and policy (and nats, VPNs, everything) in the new management server.

    I would say you should back up the cluster with no working management server ASAP. This way you can always at least get the firewall back to a working state.

    Checkpoint Professional Services might be able to help out getting a configuration off the cluster with no management server if you need help.

Similar Threads

  1. Checkpoint smart-1 210 appliance
    By oharek in forum Intermediate
    Replies: 2
    Last Post: 2015-03-12, 07:42
  2. Can a Security Management Server establish SIC and manage a standalone cluster?
    By B A Booracus in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2014-03-12, 05:01
  3. Re-imaging a SMART-1 appliance
    By switzer in forum Check Point Smart-1 Security Management Appliances
    Replies: 2
    Last Post: 2011-10-17, 09:56
  4. Smart-1 Appliance Installation
    By fauzzi in forum Check Point Smart-1 Security Management Appliances
    Replies: 0
    Last Post: 2010-12-02, 05:59
  5. How to manage secondary cluster device remotely?
    By cp_noob in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 1
    Last Post: 2009-02-09, 06:57

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •