Hey guys,
Hope someone can clarify this for me, just need to be 100% sure. Have a customer that currently has management HA on R81.20 and they wish to upgrade it to R82, but, they want to get rid of current primary and have secondary as the only one left (ie primary).
What is the tight way to do this? is it follow below to promote secondary and then delete primary server object from smart console? If I recall, dont believe its possible to promote current secondary while primary is operational? Or maybe do cpstop on primary or power it off and then promote other one?
Thoughts? Tx as always
Andy
https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_SecurityManagement_AdminGuid...
Promoting a Secondary Server to Primary
The first management server installed is the Primary Server and all servers installed afterwards are Secondary servers. The Primary server acts as the synchronization master. When the Primary server is down, secondary servers cannot synchronize their databases until a Secondary is promoted to Primary and the initial syncs completes.
Note - This is the disaster recovery method supported for High Availability environments with Endpoint Security.
To promote a Secondary server to become the Primary server:
- On the Secondary Server that you will promote, run:
#$FWDIR/bin/promote_util
#cpstop
- Remove the
$FWDIR/conf/mgha* files. They contain information about the current Secondary settings. These files will be recreated when you start the Check Point services.
- Make sure you have a
mgmtha license on the newly promoted server.
Note - All licenses must have the IP address of the promoted Security Management Server.
- Run
cpstart on the promoted server.
- Open SmartConsole, and:
- Make the secondary server active.
- Remove all instances of the old Primary Management object. To see all of the instances, right-click the object and select .
Note - When you remove the old Primary server, all previous licenses are revoked.
- Install database.
