Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Zia_2020
Explorer

Management HA in Azure

Team - Our on-prem management server is a smart-1 appliance. It currently manages on prem firewalls as well as CloudGuard gateways. For management HA we would like to deploy it on Azure. Is this supported and if so do I use vSEC for MS Azure Stack, CloudGuard Management VM or something else. Please advise. TY

0 Kudos
6 Replies
Harshpal_Bhati
Employee
Employee

If i understand correctly you are planning to migrate from on prem smart-1 to cloud management .You have to options here :

 

1. you can go for BYOL and you will need NGMS license . you can deploy two VM and build HA , Same as we do for open server 

2. You should consider Smart-1 cloud , Which has far more benefit . 

Zia_2020
Explorer

Harshpal - Thanks for your quick response. We are not looking to migrate. We already have a smart-1 mgmt. server on prem, but no backup management server. Rather then building the backup mgmt server on prem, we would like to do it on the cloud instead. So primary mgmt server will be on-prem while backup on cloud.

smart-1 cloud makes sense but cost is a factor. So we are looking for a quick solution for management HA

0 Kudos
PhoneBoy
Admin
Admin

flachance
Advisor

We did this. We deployed from the Marketplace and selected CloudGuard Network Security - Firewall & Threat prevention. We then selected CheckPoint Security Management.

By default the deployment will be for a Primary Management server. So you need to change the installation type from 'Management' to 'Configure Manually'. This allows to run the first time configuration and select Secondary for the management server.

 

 

0 Kudos
razotevsSVR
Explorer

Hi, flachance,

Kind of in similar situation (Coudguard HA management). After a manual deployment and configuring from the wizard seems to be establishing trust. Following sk54160 however is not completely successful. Still Management High Availability shows "No Communication" and last time stamp with communication is the moment of the initial SIC trust establishment.

Same Vnet, Same subnet, No NSG, No Firewalls in-between, Ping from 1>>>2 and 2>>>1 successful, Latest jumbo hotfix take 79 on R81.10

Any idea what can be wrong?

0 Kudos
flachance
Advisor

NATing maybe? Take a look at sk39740 "How to configure management HA when the Primary and Secondary management servers are on separate networks"

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.