Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Terry
Contributor
Jump to solution

R77.30 Management with no Management server (VSX)

We are a VSX shop, today we have a single management server in our production environment. If this server failed, how can we make firewall rules and NAT changes via CLI? The gaia portal is not available because we are running VSX. 

 

And before the question is asked, we are planning to create a secondary management server. This is a hypothetical scenario. 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Whether you have VSX or not, without a management server, you cannot make any policy changes.
Make sure you're making regular backups.
Start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
2 Replies
Maarten_Sjouw
Champion
Champion
The answer is: you would NOT, there is no way to make rulebase changes on a Check Point firewall without the management server.
(unless you are a Check Point developer maybe 😉 )
You need to make sure you have a good backup of your environment, either created a daily migrate export and move it to another box or run a complete GAIA backup, which will include log files.
With a good backup and the availability of a VMware server where you can spin up a new server, you should be able to get back into business within 2 hours with either an import or a restore.
Regards, Maarten
0 Kudos
PhoneBoy
Admin
Admin
Whether you have VSX or not, without a management server, you cannot make any policy changes.
Make sure you're making regular backups.
Start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events