This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
morris
Contributor
‎2025-05-02 01:47 AM
Jump to solution

R82 - Management HA - SIC not possible

Hi,

we have 2 Smart-1 600 M. We did fresh install with R82. First one configured as Management Primary. Second one as Management Secondary.

When adding the second one in SmartConsole it creates a error message "Failed to connect to the Security Gateway".
It was added as Check Point Host. Enabled Blades "Network Policy Management" where it automatically checked "Secondary Server".

Both machines are in the same subnet and I see packets between them via tcpdump. I also can connect from one cli to another.

Is this a R82 limitation or what could be the cause?

 

Labels
0 Kudos
1 Solution

Accepted Solutions
emmap
Employee
Employee
‎2025-05-02 03:17 AM
In response to morris
Jump to solution

Ahh, there's the problem. The blink package will have clean installed it as a primary management server. Blink doesn't support secondary management servers, you'll have to fresh build it using the GA R82 install package, run the FTW again and install JHF t12 before SIC'ing it into the primary management server.

View solution in original post

4 Replies
emmap
Employee
Employee
‎2025-05-02 02:12 AM
Jump to solution

It's not a limitation. Is the same JHF take installed on both? 

0 Kudos
morris
Contributor
‎2025-05-02 02:17 AM
In response to emmap
Jump to solution

Yes. R81 was preinstalled. I've uploaded the latest Blink Image R82 T12 and right-clicked it as clean install.

The secondary management is now in a red state in SmartConsole and I see CPD packets:

11:15:22.110813 IP 192.168.1.75.49403 > 192.168.1.76.18192: Flags [S], seq 661197577, win 29200, options [mss 1460,sackOK,TS val 723357739 ecr 0,nop,wscale 10], length 0
11:15:22.110831 IP 192.168.1.76.18192 > 192.168.1.75.49403: Flags [S.], seq 3035952362, ack 661197578, win 28960, options [mss 1460,sackOK,TS val 3767154673 ecr 723357739,nop,wscale 10], length 0
11:15:22.110907 IP 192.168.1.75.49403 > 192.168.1.76.18192: Flags [.], ack 1, win 29, options [nop,nop,TS val 723357739 ecr 3767154673], length 0
11:15:22.110917 IP 192.168.1.75.49403 > 192.168.1.76.18192: Flags [P.], seq 1:5, ack 1, win 29, options [nop,nop,TS val 723357739 ecr 3767154673], length 4
11:15:22.110920 IP 192.168.1.76.18192 > 192.168.1.75.49403: Flags [.], ack 5, win 29, options [nop,nop,TS val 3767154674 ecr 723357739], length 0
11:15:22.110963 IP 192.168.1.76.18192 > 192.168.1.75.49403: Flags [P.], seq 1:5, ack 5, win 29, options [nop,nop,TS val 3767154674 ecr 723357739], length 4
11:15:22.111004 IP 192.168.1.75.49403 > 192.168.1.76.18192: Flags [P.], seq 5:9, ack 1, win 29, options [nop,nop,TS val 723357739 ecr 3767154674], length 4

0 Kudos
emmap
Employee
Employee
‎2025-05-02 03:17 AM
In response to morris
Jump to solution

Ahh, there's the problem. The blink package will have clean installed it as a primary management server. Blink doesn't support secondary management servers, you'll have to fresh build it using the GA R82 install package, run the FTW again and install JHF t12 before SIC'ing it into the primary management server.

morris
Contributor
‎2025-05-02 05:59 AM
In response to emmap
Jump to solution

Then that was the reason. The Management HA is now online. Thank you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events