Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Paret
Explorer
Jump to solution

Impact "cpstop" SmartCenter (management)

Hello to all,

I have a disk space problem on my management server (SamrtCenter) R80.40.

I would like to implement the procedure (https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...) to add a disk in order to increase my log partition.

I would like to know if the "cpstop" command of this procedure will have an impact on my production traffic.
In other words, will this command affect my security gateways?

I hope I have made myself clear.
Thank you in advance for your answers and recommendations.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

For a short period of time (e.g. a typical maintenance window of a few hours), having management offline should not impact production traffic.
If management is down for an extended period of time, it can have an impact on:

  • Site-to-Site VPNs authenticated using ICA Certificates (VPNs will terminate after 24 hours due to the CRL being unavailable)
  • Use of the CloudGuard Controller (see sk115657), which includes the use of Generic Datacenter objects (previous lookups are cached for a time)

View solution in original post

4 Replies
PhoneBoy
Admin
Admin

For a short period of time (e.g. a typical maintenance window of a few hours), having management offline should not impact production traffic.
If management is down for an extended period of time, it can have an impact on:

  • Site-to-Site VPNs authenticated using ICA Certificates (VPNs will terminate after 24 hours due to the CRL being unavailable)
  • Use of the CloudGuard Controller (see sk115657), which includes the use of Generic Datacenter objects (previous lookups are cached for a time)
the_rock
Legend
Legend

I think what @PhoneBoy said is most likely correct. You definitely dont want it to be down for too long, but if you only need to do this and then restart or shut down, I believe thats safe. I had done things like this before where mgmt server was down for up to 30 mins and no issues with production traffic at all.

Andy

Chris_Atkinson
Employee Employee
Employee

Kinda goes without saying but you also won't have access to your logs while performing this process, to the extent possible the gateways will buffer logs locally until mgmt returns.

CCSM R77/R80/ELITE
Daniel_Szydelko
Advisor
Advisor

Then it's worth saying that configuring Log Forwarding Settings (gateway/cluster object > Logs > Additional Logging) will be good option to automatically forward these logs on scheduled time back to SMS. Of course if SMS is only log server for these gateways/cluster.

BR

Daniel. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events