Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dario_Ferroni
Participant

sk60443 - Full HA Cluster & Security management Installation

Hello community,

Does anybody have experience with a GAIA R80.10 Cluster & Security Management Full HA Installation? We are trying to do it on a couple of Appliance 5800. We followed what is described in the sk60443, so we installed the first Appliance as Primary Security Management Server and Security Gateway, and the other one as Secondary.

SIC Communication between the nodes is working fine, but we are not able to bring the Cluster up ("cphaprob state" give back: "HA Module not started") and the sk60443 does not offer much further Information.

Thank you

Dario

6 Replies
G_W_Albrecht
Legend
Legend

Do you have SSD installed ? From sk110053 5000 Appliances:

02277318 Solid State Drive (SSD) is not supported with a Standalone Deployment (Security Management Server and Gateway on one server). 
CCSE CCTE CCSM SMB Specialist
Dario_Ferroni
Participant

Hello,

Thank you for you Reply.

We set up a Full HA Deployment, with redundant Management on redundant Cluster members.

If Security Management Server and Gateway are on one server, but redundant, do we have to consider it anyway as "Standalone"?

Thank you

Dario

0 Kudos
G_W_Albrecht
Legend
Legend

Standalone always means Management and GW on one unit - so neither "pure" single unit Standalone nor Full Management HA Clustering is possible... And what i always tell people: Make SMS in a VM and you will not need a Secondary SMS at all. Full Management HA Clustering out of my experience is not a good deployment at all 😞

CCSE CCTE CCSM SMB Specialist
0 Kudos
Dario_Ferroni
Participant

Thank you for Explanation.

Disks are not SSD, but 2 x 500GB HDD - WD5003ABYZ-011FA0.

Also RAM should not be an issue here, since we are over the 6 GB limitation for a Stand alone installation.

I totally agree with you about the architecture, but we were explicitly asked for this Full Management HA Clustering implementation.

Now, I'd like to know, if this is just theoretically or also practically possible.

If we do not find further Information, we'll open a SR.

Regards

Dario

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, that looks like a case for TAC 😞

CCSE CCTE CCSM SMB Specialist
0 Kudos
Michael_Novokre
Explorer

We have the same problem. Did you get any solution from Checkpoint support?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events