- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: vsec controller status on standby machine (par...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vsec controller status on standby machine (partial data)
Hi
We are using an R80.40 Management in HA. There is a vSec Integration (for datacenter obects) implemented. This is where the management gets the objects dynamically from the vCenter and sends these data center objects to the gateways.
On the primary management I can se this status:
vSEC Controller Status: on, Number of imported Data Center Objects: 100
At the same time I can see on the standby management system:
vsec controller status on, standby machine (partial data), Number of imported Data Center Objects: 85
This does not change over time. On both machines I can see the vCenter status "connected".
Is this normal? What will happen if primary management fails? Will we only have 85 DC objects?
Unfortunately I was not able to find any sk or documentation for vSEC controller redundancy. Any hints?
thanks.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are right, this is a current limitation and it is on the roadmap to fix.
If you are planning a long downtime to the mgmt server, do a failover to the secondary mgmt and the CloudGuard Controller there will update the GWs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Daniel, not sure why the on the Standby it show 85.
On Standby, the CloudGuard Controller (old name vsec) is not doing much. Only the instance on the Active mgmt is really doing the work.
After the Standby will be set to Active (this is done from SmartConsole) the CloudGuard Controller (old name is vsec) will re-start and will handle all the tasks.
HTH,
Gil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Gil
Thanks for the reply. That means if the active mgmt goes down there are no more updates for the gateways. There is no automatic failover for the CloudGard Controller itself? I know that the mgmt failover is a manual task (the mgmt itself is not relevant for a working firewall, so this is ok and most people do not panic if the mgmt goes down or is out of order during an upgrade 🙂 ).
But a not working CloudGard Controller will interrupt traffic at least after some time when the object changes! Is there any way to make the CloudGard Controller redundant / high available? Or do you have any suggestions what to do during an upgrade of the active mgmt (that could go some hours)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are right, this is a current limitation and it is on the roadmap to fix.
If you are planning a long downtime to the mgmt server, do a failover to the secondary mgmt and the CloudGuard Controller there will update the GWs.