Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rabin
Explorer

Adding new SGM in Security Group

Hi Checkmates !

Just Recieved the RMA device so do i add it to Security Group as it has auto clone features on, does this have impact on my production environment or not ? Will all gateway reboot or new added device will only reboot ?

Thanks,

Rabindra

0 Kudos
9 Replies
Dario_Perez
Employee Employee
Employee

Hi

if you RMA is for the SMO then you might expect to have a mini outage since new member take the role as new SMO. 

if is different that SMO, then just new connect would be forwarded to this member. 

Prior to use the auto-clone you must be sure to do fresh install and have the same OS and build than rest of security group members. 

Wolfgang
Authority
Authority

@Dario_Perez please can you explain a little bit more why occurs the "mini outage" ? I think it should be the same as switching the SMO-role from one to another SGM if the SGM holding the SMO restarts or anything else. Connection to the SMO (maybee the SSH session) is lost but I think all synced traffic should not have any problems.

0 Kudos
Martin_Raska
Advisor
Advisor

Hi,

I am curious also, please elaborate why:"since new member take the role as new SMO"

0 Kudos
Dario_Perez
Employee Employee
Employee

SMO handle the main traffic like Dinamic routing and others. is about 11 seconds the time for SMO fail-over. some traffic could be just "re-switch" but the entire process take about 11 seconds

0 Kudos
Wolfgang
Authority
Authority

@Dario_Perez any documentation about this? Which other processes are involved ? I thought in high available environments like Maestro we have no outage if one the SGM is failing.

0 Kudos
Daniel_Szydelko
Advisor
Advisor

I saw such behavior in maestro vsx environment in R81.10 (various JHF) during SMO failover when dynamic routing was involved, but with using the same config with R81.20 (JHF Take_76 / 84) then is gone. 

BR

Daniel

0 Kudos
CheckPointerXL
Advisor
Advisor

i think that is some bugs related to vsx, i read something about that problem

0 Kudos
Dario_Perez
Employee Employee
Employee

SMO handle some process such Dynamic Routing, when DR is involved and SMO failover then DR have to move to next member, also for VPN where the SMO have de decrypt/encrypt role but for other kind of traffic is seamless. for ssh is reconnection only.  

0 Kudos
CheckPointerXL
Advisor
Advisor

can we move/change SMO member manually? delete and re-add member from SG only way to go and mini-outage is expected?  🤔

0 Kudos