This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
JaySon_2021
Participant
‎2021-09-01 10:29 AM

Connecting to secondary member in Maestro pair

I need to make a modification to the config (clish) on a Maestro unit. I made the change on the first unit but can't get connected to the second unit. The VIP always takes me to the primary. Is there a way to jump from the primary to the secondary?

0 Kudos
8 Replies
mk1
Collaborator
‎2021-09-01 01:11 PM

On the first place - why do you need to implement a change on both members separately? When you are in gclish your config will be implemented on all group members.

On your question - if your primary member is ch01-01 just type m 1_2 and you will be logged on the secondary. Here's the output of the m command:

[Expert@FW1-ch01-02:0]# m
Move to member

Usage:
member [<group_id>_]<member_id>
member ssm<ssm_id>
member cmm

0 Kudos
JaySon_2021
Participant
‎2021-09-02 06:29 AM
In response to mk1

I inadvertently made the change on the primary (using clish, not glcish). If I run the commands again using gclish from the primary will that work even though the commands already exist on the primary?

0 Kudos
mcatanzaro
Employee
Employee
‎2021-09-02 03:54 PM
In response to JaySon_2021

Check out asg_blade_config. It is the surefire way to ensure your config matches. I would check /etc/xfer_files_list to see if pulling config on SGM 2 will force a reboot first. 

Here is the admin guide for R80.30SP Maestro which explains these in more depth:

https://sc1.checkpoint.com/documents/R80.30SP/WebAdminGuides/EN/CP_R80.30SP_Maestro_AdminGuide/Conte...

0 Kudos
Danny
Champion Champion
Champion
‎2021-09-01 03:12 PM

Just run lldpneighbors to check the IP of your secondary members and directly SSH connect to them. As @mk1 mentioned, you could also use Check Point's SSH wrapper member (alias: m) for this.

0 Kudos
Simon_Macpherso
Advisor
‎2021-09-02 10:20 PM
In response to Danny

 LLDP is disabled by default in Gaia.

Is it supported on Gaia pre-R81? 

0 Kudos
Danny
Champion Champion
Champion
‎2021-09-02 11:19 PM
In response to Simon_Macpherso

LLDP is a core functionality in Maestro and therefore enabled by default since Gaia R80.20SP. See sk175288.

0 Kudos
Simon_Macpherso
Advisor
‎2021-09-02 11:46 PM
In response to Danny

R80.30SP Take 49

lldpneighbors couldn't connect to the OpenLLDP transport socket. Is lldpd running?

0 Kudos
Simon_Macpherso
Advisor
‎2021-09-02 10:31 PM

From SGM1,  i.e. maestro-ch01-01, enter m 1_2 to move to member 2. 

From SGM1, enter m 1_1 to move to member 1.

Enter m then enter to view the usage options. 

Move to member

Usage:
member [<group_id>_]<member_id>
member ssm<ssm_id>
member cmm

From an Orchestrator (MHO),

Connect to SGM1 by running m 1 1, you will be prompted for the admin password.

Connect to SGM2 by running m 1 2, you will be prompted for the admin password.

Enter m then enter to view the usage options

Move to member

Usage:
member <security_group_id> <member_id>

 

What change are you making?

If you run the command again in gclish it should apply to both members. 

Or run asg_blade_config pull_config command on the unit you haven't changed in gClish to pull configuration from the other SGM.  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events
    Top