This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
greenchair
Explorer
Saturday
Jump to solution

Secondary Azure management server

Hi,

We are creating a secondary R81.10 management server in Azure.  ( We will be upgrading entire environment next year to R82)

The primary server was built using Azure marketplace. marketplace 

Per docs we are building the secondary server with the same marketplace app. 

Inkedmarketplace_LI.jpg

In this doc here it says to select Secondary server when creating the server. : Overview of Management High Availability

(Video shows R80 but is on the R81 Doc.)

But the first time setup wizard does not seem to run on first login and there are no options in the marketplace tool to select Secondary.

secondary.png

In the Smart Console the Secondary button is greyed out:

 

greyed-out.png

 

Can we just proceeded with syncing the servers with both servers set as primary ?

Primary and Secondary both have the latest hotfix installed.

There also does not seem to be anywhere to set a SIC key. I am guessing this would be available if this was a secondary server.

 

Also. the new secondary management server seems to take the public IP address by default.

Is this safe to change to the private post install ?

thanks

0 Kudos
1 Solution

Accepted Solutions
Don_Paterson
MVP Gold
MVP Gold
Saturday
Jump to solution

No. Two Primary management server cannot sync and offer management HA.

 

When you deploy the image from the marketplace you need to choose Configure Manually under CloudGuard Advanced settingsInstallation Type

 

Then you can run the FTW on the new server.

Azure-2nd-SMS.png

 

 

View solution in original post

6 Replies
Don_Paterson
MVP Gold
MVP Gold
Saturday
Jump to solution

No. Two Primary management server cannot sync and offer management HA.

 

When you deploy the image from the marketplace you need to choose Configure Manually under CloudGuard Advanced settingsInstallation Type

 

Then you can run the FTW on the new server.

Azure-2nd-SMS.png

 

 

Don_Paterson
MVP Gold
MVP Gold
Saturday
Jump to solution

Just to add a few notes:

You shared an R81 guide. It is best to use the R81.10 guides in your case. I don't think that you will see a difference in the case of management HA but it's still best to use the version specific documentation.

https://support.checkpoint.com/results/sk/sk170416  <-- Administration Guides

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SecurityManagement_AdminGuid... 

 

The Management HA for Azure solution deployment does not seem to be well documented and you are not the first to find fall into that trap. 

I will ask for the documents to be updated.

 

Other references:

https://support.checkpoint.com/results/sk/sk173705 

https://support.checkpoint.com/results/sk/sk54160 

https://support.checkpoint.com/results/sk/sk132192

https://support.checkpoint.com/results/sk/sk39345 

https://support.checkpoint.com/results/sk/sk30857 

0 Kudos
greenchair
Explorer
Saturday
In response to Don_Paterson
Jump to solution

Brilliant. Thanks for the quick reply !

Yes the docs seem to go around in circles sometimes.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Saturday
In response to greenchair
Jump to solution

It happens 🙂

Best,
Andy
0 Kudos
Don_Paterson
MVP Gold
MVP Gold
Saturday
In response to greenchair
Jump to solution

You're welcome. 

I've sent some feedback in about that. 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Saturday
Jump to solution

Don is 100% correct, you need to follow what he posted in his first response, and he stated, you can NOT sync two primary servers, that was never possible and Im sure it never will be.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events