This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jonathan_Pitt
Participant
‎2017-11-23 01:54 AM

crypt.def R80.10 MDS HA

Long story short my Primary MDS went bad due to R80.10's apparent inability to add and remove domains and CMA's properly (but that's a conversation for another time)

So I have followed instruction to promote my secondary CMA to Primary that seemed to work OK and added a new secondary MDS in place of the failed one. Touch wood all will be OK.

However one of my domains has a custom crypt.def and whilst seeking confidence that all will be well with my new Primary MDS / CMA I checked that the custom crypt.def is present in my new primary/active CMA and found that the config isn't there.


I looked at my R77.30 environment and can see that (as suggested) the cypt.def syncs between CMA's (unless I manually configured it on both CMA's in the past and I don't remember) but in R80.10 it doesn't seem to.

I have since re-created the crypt.def on the new primary CMA as I am rather worried what may happen when policy is pushed from that newly active CMA.

Is this expected behaviour i.e. once compiled on the Primary, the secondary's store this config elsewhere? Or is an isolated case in my environment and the sync is for some reason broken.

I'd appreciate it if someone could check their R80.10 HA MDS environment and see if the crypt.def is indeed being sync'd or not. Or just some guidance as to what is the expected behaviour.

Thanks

0 Kudos
1 Reply
Jonathan_Pitt
Participant
‎2017-11-23 06:36 AM

Well this is an interesting or more confusing development.


I just checked and it appears my crypt.def HAS in fact now sync'd over to my secondary.

This is confusing because:

a) When I defined the file and forced / ensured the MDS's were sync'd last night it didn't seem to sync (hence me starting this discussion). The timestamp on the file is unfortunately the same and not useful to identify time of sync.

b) In the several weeks/months since I implemented the Secondary MDS (which is now Primary) the crypt.def didn't sync from the now defunct Primary hence me starting this discussion as I was alarmed it wasn't present. Unless it cleared itself when then the Secondary was promoted to Primary?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events