Create a Post
Showing results for 
Search instead for 
Did you mean: 

query mds to determine if cma is active or standby

I have several api scripts i've written that let me add hosts, add to groups, add groups etc ... but part of the input i give them is the MDS IP and CMA IP.  I have multiple MDS's in different data centers with CMA's in HA.  It's always fine to query data on 1 mds and pull data from a standby cma since in those cases i'm using a user ID with only RO creds.  but when we need to write data I have to be hitting the active cma.   I'd like to create a web front end for some of this work since some of the folks who are going to need to be able to add things to some fw groups need a more self service feature via web form.   I don't want to have to go back if it fails and query the system if a cma was moved and update the back end code.

I looked at show domains with full details and I'm not seeing anything in there that indicates the CMA status.

ideal case is i can run a cma status script and update my web forms each morning ... since cma's don't fail over often if ever ... at this point i'm more curious as to how to determine this status and it's bothering me that it's not a simple json parse.

*edit* MDS are all R80.30


thanks for reading,


0 Kudos
2 Replies

The only way I found how to do it is by going into each domain environment and running cpstat mg see example below.

[Expert@mnhqgocpmds02:0]# mdsenv example_dms
[Expert@mnhqgocpmds02:0]# cpstat mg

Product Name: Check Point Security Management Server
Major version: 6
Minor version: 0
Build number: 993000016
Is started: 1
Active status: active
Status: OK

Connected clients
|Client type|Administrator|Host|Database lock|


0 Kudos

Not API, but command works on both MDS and Domain level


cpprod_util FwIsPrimary



If 1 is Primary

If 0 then secondary

0 Kudos