Management HA lab

the_rock · ‎2024-08-15

Ola boys and girls,

I built R81.20 and R82 management HA lab, tested both, works well, so if anyone has any issues and would like any test done, happy to do it. I also attached some screenshots in a word doc as well.

Best,

Andy

the_rock · ‎2024-08-15

I feel this is super important to mention, as I had people ask me many times...

So when ACTIVE mgmt is shut down or rebooted, NO, the standby does NOT automatically take over, you have to log into smart console with standby member's IP, change it over to active, log back in again and then you can modify/install policy.

Then, once old active, now standby, comes back, you can do the same process to flip back. Also, if active at that time shows mgmt ha from smart console greyed out, just install database, wait couple minutes and it will be available.

Hope that helps.

Andy

emmap · ‎2024-08-16

I believe if you set the secondary as active while the primary is offline and hence unable to be set to standby, the primary will come back as active and they'll be in a collision state. If you find your servers in this state, be careful which one you set standby and sync to, as the database on the remaining active server will be what's left. If you have for example made changes on the secondary while it is active, then set it back to standby when the primary comes back online and does not have those changes, you'll lose them.

Hence we generally recommend avoiding making changes when your active management server is offline instead of setting the other one active, unless you need to.

the_rock · ‎2024-08-16

Actually, I did not find that to be required. I shut down active, then logged into standby and simply changed it to active, logged in again, no issues, as they were already synced.

I wish this syncing process was automatic, thats what I never understood about management HA, but it was manual probably since the beginning. I cant say that as a fact, but I know 100% its been that way for probably 20 years now, at least.

Edit: I could be wrong about sync part, at least doing it manually, though I was never able to actually confirm this for certain. I know for example, if you log into active one, shows standby is synced at that time, but then if smart console stays open for say 10 hours, it still always shows sync time from 10 hours ago, at least in my lab, so would be nice if someone could confirm for sure how that process works.

Andy

the_rock · ‎2024-08-16

So below, says its synced at regular intervals, but anyone knows how often?

Andy

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_SecurityManagement_AdminGuid...

the_rock · ‎2024-08-16

Though I could not find actual statement about this, but based on checking I had done this morning, both R81.20 and R82, appears sync is done every 30 minutes automatically,

R81.20 -> 8.31 am 39 seconds -> 9.01 am 39 seconds -> 9.31 am 39 seconds

R82 -> 8.27 am -> 8.57 am -> 9.27 am

Andy

emmap · ‎2024-08-16

It also delta syncs every time you publish a change, afaik.

the_rock · ‎2024-08-17

You are 100% right about that, confirmed in the lab. I think it was coincidental I saw 30 mins intervals yesterday, as after I made that post, it was super random intervals.

Andy

Are you a member of CheckMates?

Management HA lab