Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LostBoY
Advisor

Changing Hostname of GWs

Hello,

 

I want to change the hostnames of my R80.40 GWs which are in Geo Cluster .. does this warrant any outage ? .. can i change the hostnames on the fly without any service disruption.

 

Thanks

0 Kudos
8 Replies
Martin_Valenta
Advisor

you can change name of object, only if reset sic and re-establish trust again.

below commands can help you out to not disrupt anything:

cp_conf sic init <SIC_PW_HERE> norestart

cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

LostBoY
Advisor

Thanks for the reply, i am not looking to change the object name in smartconsole.. i want to change the hostname of the gateway which shows when i connect via CLI to the gateway.

0 Kudos
dc-checkpoint
Explorer

If I follow the steps you gave, at what point and where do I change the hostname so its set on the FW and shows the same name in smart console?

0 Kudos
dc-checkpoint
Explorer

Support gave me the below:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I have two firewalls in a cluster.  fw1 and fw2.

They are telling me I have to follow the link and remove the cluster itself from every VPN community and disable VPN blade before renaming and re-sic with fw1 to its new name.

They also said every remote VPN client (150+) all need the sites re-created from scratch because fw1 (member of cluster) will change to fw1_new.   This makes 0 sense to me if this is true.  All the sites are configured to connect to the cluster object and IP itself, even the certificate when you connect the first time points to the name of the cluster.  Nothing direct to an individual FW in the cluster.

So my question here is, is this true, has anyone used this article different, ignored the VPN step and just simply renamed the firewall, re-sic and push policy successfully on r80.40 management server?  

0 Kudos
PhoneBoy
Admin
Admin

It has to do with VPN certificates, which will definitely be different after performing the steps in the SK.
VPN may not work correctly if you ignore the VPN steps entirely, so I don't necessarily recommend it.
That said, I believe the only impact Remote Access users will notice is a fingerprint change the first time they reconnect after the changes have been made.
That could generate some helpdesk calls and I recommend confirming in the lab.

0 Kudos
LostBoY
Advisor

I intend to only change the hostname via CLI.. not the one added in SmartConsole I believe i can change it directly through CLI without any service disruption.. is that correct ?
0 Kudos
Danny
Champion
Champion

Both names must be identical and consistent and added to the other member(s) as well as the managements resolv.conf. It's not recommended to change just one of them at the CLI. If you do that you are risking a service disruption. It also depends on your VPN and certificate setup as outlined above.

0 Kudos
LostBoY
Advisor

There are 2 GWs  which are in cluster and added in SmartConsole.. i want to change the hostname of the two GWs in CLI .. such as ABC1 and ABC2 .. i dont need to change their display name in SmartConsole.. just need to modify their name which shows up when i ssh to the GWs

0 Kudos