This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ted_Serreyn
Collaborator
‎2022-03-01 06:00 PM

SMP and HA clusters

Could someone explain to me why the below limitation exists.  It appears that you can configure a cluster in SMP, but you can't enable it locally on the boxes. 

01615544 The user cannot configure a locally managed cluster with SMP or an externally managed log server. 

 

This was sold to a customer after confirming that it appeared that SMP would support clustering.

 

Is there any kind of work around here.  I know you can configure a locally managed cluster, but I really need the SMP integration for the to match the rest of the SMB deployments.

 

Deploying a 1800 HA cluster, but really need the SMP for reporting and centralized management.

 

 

0 Kudos
8 Replies
Amir_Ayalon
Employee
Employee
‎2022-03-01 11:43 PM

Hi Ted.

please notice that this limitation was resolved in R80.20.10

as it appear in the Wiki

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

if you have any other question, feel free.

0 Kudos
Ted_Serreyn
Collaborator
‎2022-03-02 04:33 AM
In response to Amir_Ayalon

Yes, I saw that it was resolved in the SK article.  However I am having issues establishing a cluster with a pair of 1800’s with SMP connection.  If I build it standalone it works fine, but with SMP enabled, cluster configuration fails.  I am trying to understand the original problem to see if it sheds any light on my current one.

 

This is a pair of 1800 appliances with the latest firmware.

 

I have opened a TAC case regarding this,

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-02 04:48 AM
In response to Ted_Serreyn

So after enabling SMP the secondary will not sync with primary when clustered? You did only configure the primary as usual in SMB clustering ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Ted_Serreyn
Collaborator
‎2022-03-02 04:58 AM
In response to G_W_Albrecht

yes, it doesn't even appear to finish the configuration.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-02 05:09 AM
In response to Ted_Serreyn

The primary node doesn't even appear to finish the configuration ? Firmware is R80.20.35 (992002614) ?

Y Q was:  when you do the sync interface on an SMB ha cluster, direct connect cable or thru a switch?

Use an Ethernet cross-cable to connect SYNC interfaces on the two appliances.

(Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.35 Centrally Managed Administration Guide p.20)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-02 06:37 AM
In response to Amir_Ayalon

In QUANTUM SPARK PORTAL R12.30 Administration Guide, cluster is explained as a number of GWs in Gateway Map:

Multiple gateways at a near location are clustered together. You can click on the cluster and zoom in to show those gateways.

So where is this explained and documented ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Ted_Serreyn
Collaborator
‎2022-03-02 06:34 AM

Here is a screenshot after trying to configure the HA on the secondary member.  This same cluster configuration configures (now) as a standalone cluster not connected to SMP.

here is the error receivedhere is the error received

0 Kudos
mattiasl
Explorer
‎2022-11-30 10:21 AM
In response to Ted_Serreyn

I had this issue as well and thought that I would share how I resolved it.

It turns out to be access rules that blocks the traffic on the sync-interface so when trying to configure HA, it fails with the error message "The software version of the primary member is not compatible". I had the firewall setting in SMP set to strict which blocks all traffic. You have to set the firewall setting to standard when you configure the HA. After that you can configure your firewall rules and also a rule to allow traffic on the sync-interface. Then change back firewall policy to strict.

Hope this helps if others have the same issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events