CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Promoting Secondary Management Server to be Primary

  1. #1
    Join Date: 2014-11-23 | Posts: 47 | Rep Power: 0

    Promoting Secondary Management Server to be Primary

    I have two management servers (R80.20M1), one is Primary and one is Secondary. The Secondary is active. The Primary has a very out of date rulebase on it (as we have had ongoing issues connecting to it with Smart Console).
    Checkpoint have suggested promoting the Secondary server to be the Primary. The instructions are given below. I am not sure though what is meant by "Note - All licenses must have the IP address of the promoted Security Management Server". Does this mean I have to go to the Checkpoint user centre and change the IP address associated with all the licences to be that of the Secondary management server and then download all the licences and load them onto the Secondary management server before promoting it to be the Primary? Thanks

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    INSTRUCTIONS FROM CHECKPOINT
    To promote a Secondary server to become the Primary server:

    On the Secondary Server that you will promote, run:
    # $FWDIR/bin/promote_util
    # cpstop

    Remove the $FWDIR/conf/mgha* files. They contain information about the current Secondary settings. These files will be recreated when you start the Check Point services.
    Make sure you have a mgmtha license on the newly promoted server.
    Note - All licenses must have the IP address of the promoted Security Management Server.

    Run cpstart on the promoted server.
    Open SmartConsole, and:
    Make the secondary server active.
    Remove all instances of the old Primary Management object. To see all of the instances, right-click the object and select Where Used.
    Note - When you remove the old Primary server, all previous licenses are revoked.

    Install database.
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

  2. #2
    Join Date: 2007-06-04 | Posts: 3,314 | Rep Power: 17

    Re: Promoting Secondary Management Server to be Primary

    Quote: Originally posted by PeterSmith78
    I have two management servers (R80.20M1), one is Primary and one is Secondary. The Secondary is active. The Primary has a very out of date rulebase on it (as we have had ongoing issues connecting to it with Smart Console).
    Checkpoint have suggested promoting the Secondary server to be the Primary. The instructions are given below. I am not sure though what is meant by "Note - All licenses must have the IP address of the promoted Security Management Server". Does this mean I have to go to the Checkpoint user centre and change the IP address associated with all the licences to be that of the Secondary management server and then download all the licences and load them onto the Secondary management server before promoting it to be the Primary? Thanks

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    INSTRUCTIONS FROM CHECKPOINT
    To promote a Secondary server to become the Primary server:

    On the Secondary Server that you will promote, run:
    # $FWDIR/bin/promote_util
    # cpstop

    Remove the $FWDIR/conf/mgha* files. They contain information about the current Secondary settings. These files will be recreated when you start the Check Point services.
    Make sure you have a mgmtha license on the newly promoted server.
    Note - All licenses must have the IP address of the promoted Security Management Server.

    Run cpstart on the promoted server.
    Open SmartConsole, and:
    Make the secondary server active.
    Remove all instances of the old Primary Management object. To see all of the instances, right-click the object and select Where Used.
    Note - When you remove the old Primary server, all previous licenses are revoked.

    Install database.
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    You have understood correctly.

    In a Management HA environment, the Gateways should be licensed to the IP of the Primary SmartCentre.

    If you promote the Secondary to become Primary then you need to relicense the products to the IP of this SmartCentre.

    You should then attach the licenses to the Gateways.
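
The licensing note discussed above can be checked before the old Primary object is removed. The following is an added example, not part of the original posts or of Check Point's instructions: it filters `cplic print` text for licenses bound to an IP other than the promoted server's. The function name, the sample rows, the placeholder feature names and the assumed column layout (Host IP first) are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list licenses whose Host IP differs
# from the management server being promoted.
# Assumption: each license row of `cplic print` starts with the Host IP,
# followed by Expiration and Features. Sample rows below are constructed.

SAMPLE_CPLIC_OUTPUT='Host            Expiration  Features
192.0.2.10      never       FEATURE-A FEATURE-B CK-AAAAAAAAAAAA
192.0.2.10      31Dec2030   FEATURE-C CK-BBBBBBBBBBBB
192.0.2.20      never       FEATURE-D CK-CCCCCCCCCCCC'

# mismatched_licenses <promoted_ip>
# Reads `cplic print` text on stdin and prints every license row bound to
# a different IP. Returns 0 if all rows match, 1 if any row mismatches,
# 2 on a missing argument or when no license rows were found.
mismatched_licenses() {
    if [ -z "$1" ]; then
        echo "usage: cplic print | mismatched_licenses <promoted_ip>" >&2
        return 2
    fi
    awk -v ip="$1" '
        # Rows whose first field is a dotted quad are license rows; the
        # header and any other text are skipped.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            seen++
            if ($1 != ip) { print; bad++ }
        }
        END {
            if (seen == 0) exit 2
            exit (bad > 0 ? 1 : 0)
        }'
}

# Demo on the constructed sample: 192.0.2.20 stands in for the Secondary
# being promoted, so the two rows bound to 192.0.2.10 are reported.
printf '%s\n' "$SAMPLE_CPLIC_OUTPUT" | mismatched_licenses 192.0.2.20 ||
    echo "rows above are not bound to 192.0.2.20"
```

On the promoted server the same function would be fed live output, for example `cplic print | mismatched_licenses <IP of the promoted server>`.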

  3. #3
    Join Date: 2014-11-23 | Posts: 47 | Rep Power: 0

    Re: Promoting Secondary Management Server to be Primary

    Many thanks, that confirms what I suspected.
