This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
aks_2512
Explorer
‎2024-06-27 04:05 AM
Jump to solution

Mgmt server HA broken - standby not communicating R80.20

We have 2x management servers configured in HA. Both the servers were in collision state.
================================================================
Conflict - multiple active servers
mgmt-1: Active. Conflict multiple active servers
mgmt-2: Active. In collision with mgmt-2. Last sync time unavailable.
================================================================
Following Check Point's document (https://sc1.checkpoint.com/documents/R80.20/SmartConsole_OLH/EN/html_frameset.htm?topic=IgYiJZ3l4vRm...), we set the mgmt-2 as Standby. After nearly an hour, the sync completed but now the state has changed to "Failed to communicate with peer "mgmt-2""

================================================================
Failed to communicate with peer "mgmt-2"
mgmt-1: Active. Failed to communicate with peer "mgmt-2"
mgmt-2: No Communication. Communication with mgmt-1 failed since x.y PM.
================================================================

Is a database install required at this stage?

Also, when we view mgmt-2 object, it shows SIC status as "Trust Established" however when we Edit mgmt-2 object it shows SIC status as Uninitialized.
Do we need to reset SIC in this case. If yes, and we do not have the initial SIC (one time passwd) on the primary mgmt server, will setting up a new SIC on the primary mgmt server cause existing trust between pri mgmt server and gateways to break? Or it has no effect on existing trusts. 

Thank you.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-06-28 10:20 AM
In response to aks_2512
Jump to solution

As part of the planned upgrade, you're going to have to do a fresh install of the Management HA node and set up synchronization again.
Seems like this would be a better approach than trying to get the existing management HA on R80.20 working.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2024-06-27 08:43 AM
Jump to solution

Is there some reason you're still on R80.20, which has been an unsupported release for a while now?

0 Kudos
aks_2512
Explorer
‎2024-06-27 02:28 PM
In response to PhoneBoy
Jump to solution

Hello PhoneBoy,

Devices were previously managed by third party. We are in the process of replacing the mgmt server and firewalls, one of the prerequisite was to get the existing mgmt server to R81.20 and then move. 

Thank you.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-28 10:20 AM
In response to aks_2512
Jump to solution

As part of the planned upgrade, you're going to have to do a fresh install of the Management HA node and set up synchronization again.
Seems like this would be a better approach than trying to get the existing management HA on R80.20 working.

0 Kudos
aks_2512
Explorer
‎2024-06-28 03:08 PM
In response to PhoneBoy
Jump to solution

Thank you PhoneBoy, noted. We will proceed as suggested.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top