https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141935#M1091 <P>You are right, this is a current limitation and it is on the roadmap to fix.&nbsp;</P> <P>If you are planning a long downtime to the mgmt server, do a failover to the secondary mgmt and the CloudGuard Controller there will update the GWs.</P> Fri, 18 Feb 2022 17:01:02 GMT Gil_Sudai 2022-02-18T17:01:02Z https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141779#M1088 <P>Hi&nbsp;</P><P>We are using an R80.40 Management in HA. There is a vSec Integration (for datacenter obects) implemented. This is where the management gets the objects dynamically from the vCenter and sends these data center objects to the gateways.</P><P>On the primary management I can se this status:</P><P>vSEC Controller Status: on, Number of imported Data Center Objects: 100</P><P>At the same time I can see on the standby management system:</P><P>vsec controller status on, standby machine (partial data),&nbsp;Number of imported Data Center Objects: 85</P><P>This does not change over time. On both machines I can see the vCenter status "connected".</P><P>Is this normal? What will happen if primary management fails? Will we only have 85 DC objects?</P><P>Unfortunately I was not able to find any sk or documentation for vSEC controller redundancy. Any hints?</P><P>thanks.</P> Thu, 17 Feb 2022 13:28:56 GMT https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141779#M1088 Daniel_Fischler 2022-02-17T13:28:56Z https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141793#M1089 <P>Hi Daniel, not sure why the on the Standby it show 85.</P> <P>On Standby, the CloudGuard Controller (old name vsec) is not doing much. Only the instance on the Active mgmt is really doing the work.</P> <P>After the Standby will be set to Active (this is done from SmartConsole) the CloudGuard Controller (old name is vsec) will re-start and will handle all the tasks.</P> <P>HTH,</P> <P>Gil</P> Thu, 17 Feb 2022 14:20:06 GMT https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141793#M1089 Gil_Sudai 2022-02-17T14:20:06Z https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141844#M1090 <P>Hi Gil</P><P>Thanks for the reply. That means if the active mgmt goes down there are no more updates for the gateways. There is no automatic failover for the CloudGard Controller itself? I know that the mgmt failover is a manual task (the mgmt itself is not relevant for a working firewall, so this is ok and most people do not panic if the mgmt goes down or is out of order during an upgrade <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> ).</P><P>But a not working CloudGard Controller will interrupt traffic at least after some time when the object changes! Is there any way to make the CloudGard Controller redundant / high available? Or do you have any suggestions what to do during an upgrade of the active mgmt (that could go some hours)?</P> Fri, 18 Feb 2022 07:45:03 GMT https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141844#M1090 Daniel_Fischler 2022-02-18T07:45:03Z https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141935#M1091 <P>You are right, this is a current limitation and it is on the roadmap to fix.&nbsp;</P> <P>If you are planning a long downtime to the mgmt server, do a failover to the secondary mgmt and the CloudGuard Controller there will update the GWs.</P> Fri, 18 Feb 2022 17:01:02 GMT https://community.checkpoint.com/t5/Cloud-Firewall/vsec-controller-status-on-standby-machine-partial-data/m-p/141935#M1091 Gil_Sudai 2022-02-18T17:01:02Z