JaySon_2021
Participant

Connecting to secondary member in Maestro pair

I need to make a modification to the config (clish) on a Maestro unit. I made the change on the first unit but can't get connected to the second unit. The VIP always takes me to the primary. Is there a way to jump from the primary to the secondary?

0 Kudos
8 Replies
mk1
Collaborator

In the first place, why do you need to implement a change on both members separately? When you are in gclish, your config will be implemented on all group members.

As for your question: if your primary member is ch01-01, just type m 1_2 and you will be logged on to the secondary. Here's the output of the m command:

[Expert@FW1-ch01-02:0]# m
Move to member

Usage:
member [<group_id>_]<member_id>
member ssm<ssm_id>
member cmm

0 Kudos
JaySon_2021
Participant

I inadvertently made the change on the primary (using clish, not gclish). If I run the commands again using gclish from the primary, will that work even though the commands already exist on the primary?

0 Kudos
mcatanzaro
Employee

Check out asg_blade_config. It is the surefire way to ensure your config matches. I would check /etc/xfer_files_list to see if pulling config on SGM 2 will force a reboot first. 

Here is the admin guide for R80.30SP Maestro which explains these in more depth:

https://sc1.checkpoint.com/documents/R80.30SP/WebAdminGuides/EN/CP_R80.30SP_Maestro_AdminGuide/Conte...

0 Kudos
Danny
Champion

Just run lldpneighbors to check the IP of your secondary members and directly SSH connect to them. As @mk1 mentioned, you could also use Check Point's SSH wrapper member (alias: m) for this.

0 Kudos
Simon_Macpherso
Advisor

LLDP is disabled by default in Gaia.

Is it supported on Gaia pre-R81? 

0 Kudos
Danny
Champion

LLDP is a core functionality in Maestro and therefore enabled by default since Gaia R80.20SP. See sk175288.

0 Kudos
Simon_Macpherso
Advisor

R80.30SP Take 49

lldpneighbors couldn't connect to the OpenLLDP transport socket. Is lldpd running?

0 Kudos
Simon_Macpherso
Advisor

From SGM1, i.e. maestro-ch01-01, enter m 1_2 to move to member 2.

From SGM1, enter m 1_1 to move to member 1.

Enter m then enter to view the usage options. 

Move to member

Usage:
member [<group_id>_]<member_id>
member ssm<ssm_id>
member cmm

From an Orchestrator (MHO),

Connect to SGM1 by running m 1 1; you will be prompted for the admin password.

Connect to SGM2 by running m 1 2; you will be prompted for the admin password.

Enter m then enter to view the usage options

Move to member

Usage:
member <security_group_id> <member_id>

 

What change are you making?

If you run the command again in gclish it should apply to both members. 

Or run the asg_blade_config pull_config command on the unit you haven't changed in gClish to pull configuration from the other SGM.

0 Kudos