This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Zia_2020
Explorer
‎2020-10-07 06:23 PM

Management HA in Azure

Team - Our on-prem management server is a smart-1 appliance. It currently manages on prem firewalls as well as CloudGuard gateways. For management HA we would like to deploy it on Azure. Is this supported and if so do I use vSEC for MS Azure Stack, CloudGuard Management VM or something else. Please advise. TY

0 Kudos
6 Replies
Harshpal_Bhati
Employee
Employee
‎2020-10-07 09:34 PM

If i understand correctly you are planning to migrate from on prem smart-1 to cloud management .You have to options here :

 

1. you can go for BYOL and you will need NGMS license . you can deploy two VM and build HA , Same as we do for open server 

2. You should consider Smart-1 cloud , Which has far more benefit . 

Zia_2020
Explorer
‎2020-10-08 08:34 PM
In response to Harshpal_Bhati

Harshpal - Thanks for your quick response. We are not looking to migrate. We already have a smart-1 mgmt. server on prem, but no backup management server. Rather then building the backup mgmt server on prem, we would like to do it on the cloud instead. So primary mgmt server will be on-prem while backup on cloud.

smart-1 cloud makes sense but cost is a factor. So we are looking for a quick solution for management HA

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-08 10:06 PM

Nothing to suggest it's not supported: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

flachance
Advisor
‎2020-12-09 06:19 AM

We did this. We deployed from the Marketplace and selected CloudGuard Network Security - Firewall & Threat prevention. We then selected CheckPoint Security Management.

By default the deployment will be for a Primary Management server. So you need to change the installation type from 'Management' to 'Configure Manually'. This allows to run the first time configuration and select Secondary for the management server.

 

 

0 Kudos
razotevsSVR
Explorer
‎2022-11-30 06:18 AM
In response to flachance

Hi, flachance,

Kind of in similar situation (Coudguard HA management). After a manual deployment and configuring from the wizard seems to be establishing trust. Following sk54160 however is not completely successful. Still Management High Availability shows "No Communication" and last time stamp with communication is the moment of the initial SIC trust establishment.

Same Vnet, Same subnet, No NSG, No Firewalls in-between, Ping from 1>>>2 and 2>>>1 successful, Latest jumbo hotfix take 79 on R81.10

Any idea what can be wrong?

0 Kudos
flachance
Advisor
‎2022-12-07 06:30 AM
In response to razotevsSVR

NATing maybe? Take a look at sk39740 "How to configure management HA when the Primary and Secondary management servers are on separate networks"

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events