cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
lanmanjs
Ivory

R80.10 Concurrent Administrators

Jump to solution

I am just now getting into R80.10 Administration.  I am seeing that Check Point is allowing Concurrent Admins in the same Policy.  My question is: 

What about the changes being made?  If I am working on a FW making changes and at the same time another Admin is doing the same thing on the same FW and I finish before he/she does I will save my changes - do I save the other admins changes they have completed up to that point as well?  If I go ahead and push policy am I pushing the other Admins changes they have made up to that point as well as the changes I am pushing?  Once the other Admin finishes their work are they only saving/pushing the changes they completed after I pushed the Policy earlier?

Finally, is there a way to differentiate who made what changes?  Was this taken into consideration by UserID or??  If they are both using a shared Admin ID?

I have dealt with this mess in another FW application and it caused a number of frustrations for the department.

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: R80.10 Concurrent Administrators

Jump to solution
When you are making changes to a specific object or rule, that object/rule is locked and you can see which admin locked it.
That means no other admin can make a change to that object/rule until the change is published or discarded.
The publish/discard action commits the changes to the management database and only applies to changes made in your session.
You can "take over" a session created by another admin if that session has not published/discarded yet as well.

When you install policy to a specific gateway, all published changes are pushed, whether that specific admin made those change or not.

As a general note, this question might be better in a more public space.
Mind if I move it?
0 Kudos
4 Replies
Admin
Admin

Re: R80.10 Concurrent Administrators

Jump to solution
When you are making changes to a specific object or rule, that object/rule is locked and you can see which admin locked it.
That means no other admin can make a change to that object/rule until the change is published or discarded.
The publish/discard action commits the changes to the management database and only applies to changes made in your session.
You can "take over" a session created by another admin if that session has not published/discarded yet as well.

When you install policy to a specific gateway, all published changes are pushed, whether that specific admin made those change or not.

As a general note, this question might be better in a more public space.
Mind if I move it?
0 Kudos
lanmanjs
Ivory

Re: R80.10 Concurrent Administrators

Jump to solution

Hello - 

Thank you very much for the Reply - it is greatly appreciated.

I just joined Checkmates today and this is my first post so, unfortunately, I will be making a number of the 'rookie, newby' mistakes I'm afraid.  I do not mind if you move this question (or anything else I am bount to make a mistake with) to the correct Group. 

 

Thank you again -  

0 Kudos
Admin
Admin

Re: R80.10 Concurrent Administrators

Jump to solution

That's ok, I made a mistake when I attempted to "move" the thread 🤦‍

0 Kudos

Re: R80.10 Concurrent Administrators

Jump to solution

To answer your question about differentiating changes by multiple administrators, one requirement for concurrent read/write administration is that admimistrators use unique login names.  For figuring out who did what (and even backing out their changes) please see my article here:

https://community.checkpoint.com/t5/Policy-Management/R80-Change-Control-A-Visual-Guide/m-p/39702

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos