- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- SIC on Secondary Management Server
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIC on Secondary Management Server
Hello
Could you please advise me on this question?
We have Secondary Management Server on version 77.30. Previously it was connected to mds server. But mds server was shut down. We put secondary SMS in active mode and we were able to connect to it using Smart Dashboard.
It happened that the SIC on secondary SMS was reset (via cpconfig). At the moment we cannot connect to the Secondary SMS using Smart Dashboard. Do I understand correctly that without initializing SIC with primary SMS, we will not be able to work with Secondary SMS?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIC should have an impact. When you connect to the Secondary using SmartDashboard you should be given an option to change it from Standby to Active. When it becomes Active it will work like the original Primary Management Server.
BTW - it is highly recommend you upgrade from R77.30. We have stopped supporting it completely in 2019 and future issues will not be handled by TAC.
https://www.checkpoint.com/support-services/support-life-cycle-policy/#software-support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree with @Gojira . By the way, just so its clear, primary will ALWAYS be primary and secondary will ALWAYS be secondary, unless they are rebuilt. Either one can be active or standby, so primary can be standby and secondary can be active, or other way around.
Best,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After the SIC on Secondary SMS was reset, we got this error as shown in the screenshot.
After that we did the procedure described in sk114933. But it did not give any result.
As now we don't have primary SMS, will we be able to work normally with Secondary SMS (connect SmartDashboard, install policies, etc.)?
I see only one solution in this case - clean installation of Secondary SMS and initializing it as primary. But maybe there are some other ways to save the current Secondary SMS. Do you know of any?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you even ssh into that server? If so, run api status and also watch -d $FWDIR/scripts/./cpm_status.sh (ctrl+c to stop)
Otherwise, if its fialing, verify fwm process, but I would call TAC to confirm the best option.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's R77, that script doesn't exist.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With it being a secondary and with SIC reset, unless you have a backup from before the SIC reset you may have lost the data on the server. How concerned are you about retrieving the policies and such? If you need a recovery effort, your local PS team might be able to help.
If you don't need to recover anything, then for sure do a clean install to a supported version and start fresh.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply.
We decided to do a clean install of the management server. However, first we decided to test the database migration from Secondary SMS R77.30 to primary SMS R77.30 in a lab environment. We plan to use the migration tool. As we need to keep the policies on the Management Server.