This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bruno_Fernandes
Explorer
‎2021-05-11 05:07 PM

Advice needed: Migrate or upgrade SMS HA?

Hi,

We have a physical Smart-1 server running R80.20 currently managing a cluster of two Checkpoint firewalls.

We are planning on 1. upgrading the management server to the latest version 2. build another virtual SMS server to form a management HA cluster.

Two options here:

1. Build a new virtual SMS running the latest firmware. Migrate policy to the new virtual server. Upgrade the physical one. Finally, form HA between the two.

2. Build a new virtual SMS running R80.20. Form HA between physical and virtual. Upgrade to the latest version.

In my view, option 2 is better as it does not require policy migration. however, I am not sure if there is any restriction or limitation to convert a standalone to HA with virtual SMS. Any advice, steps would be highly appreciated.

 

Thanks.

0 Kudos
4 Replies
Vincent_Bacher
Advisor
Advisor
‎2021-05-11 10:05 PM

Afaik there is no restriction using management ha with physical and virtual device. It is tested and supported. 

To your question: option 3: upgrade smart-1, deploy vm, build ha  🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
S_E_
Advisor
‎2021-05-11 10:09 PM

Jm2c

I would prefer option 3.

Upgrade current hardware appliance to R80.40. (in-place upgrade).

(Ensure that you have backup/snapshot and configure gateways to send logs after the SMS is back.)

 

After that, create a virtual SMS. Attach it as standby SMS.

Option 4 would be to take the same type: either both as hardware or both as virtual

Regards

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-05-12 12:13 AM

Question: Why do you need to do Management HA ? With SMS installed as VM you will not need the HA capabilities at all, as you can snapshot, clone and change the running image in short time !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Vincent_Bacher
Advisor
Advisor
‎2021-05-12 01:26 AM
In response to G_W_Albrecht

I assume, the hardware is not old enough to get rid of it, therefore i did not post this reply on my own 🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top