Michael_Horne
Advisor

Resetting SIC after adding secondary Management server and doing failover

Hello,

We have just finished installing a secondary management server (R80.20). Everything was fully synced and we did the first failover to the secondary management server.

We were not able to install any policies on the firewalls from the secondary management server once it was active. A test of the SIC communication showed that this was failing. We reset the SIC communication on both security gateways in one cluster and then we were able to install a policy from the active management server.

We did a failback to the primary management server. Once that was active I was able to install a policy to the same security gateway cluster without having to reset SIC.

Can anyone tell me if this is normal when installing a secondary management server, that SIC needs to be reset on all the security gateways so that they will respond to both the primary and secondary management server?

Many thanks,

Michael


Accepted Solutions
JozkoMrkvicka
Mentor

No, it is not normal. You have to install policy from both managements. You can try to initiate a full sync manually and install the database from the Primary management (first installed), install policy from the Primary, and after that try to switch to the Secondary management and check SIC status from the Secondary.

If it does not help, check routing on both managements and the gateways. Try to perform a tcpdump on the gateway to see if traffic on the SIC port reached the gateway.

Kind regards,
Jozko Mrkvicka

2 Replies
Michael_Horne
Advisor

Hello,

To be honest I did not install the policy on all the firewalls from the primary management server before we did the failover to do the tests on the secondary management server. This could indeed explain the situation as some firewalls did seem to be communicating with the secondary management server. These could have been the ones that had a firewall policy change pushed to them.

Many thanks,

Michael
