Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor

R77.30 Management with no Management server (VSX)

Jump to solution

We are a VSX shop, today we have a single management server in our production environment. If this server failed, how can we make firewall rules and NAT changes via CLI? The gaia portal is not available because we are running VSX. 

 

And before the question is asked, we are planning to create a secondary management server. This is a hypothetical scenario. 

0 Kudos
Reply
1 Solution

Accepted Solutions
Admin
Admin
Whether you have VSX or not, without a management server, you cannot make any policy changes.
Make sure you're making regular backups.
Start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
Reply
2 Replies
Champion
Champion
The answer is: you would NOT, there is no way to make rulebase changes on a Check Point firewall without the management server.
(unless you are a Check Point developer maybe 😉 )
You need to make sure you have a good backup of your environment, either created a daily migrate export and move it to another box or run a complete GAIA backup, which will include log files.
With a good backup and the availability of a VMware server where you can spin up a new server, you should be able to get back into business within 2 hours with either an import or a restore.
Regards, Maarten
0 Kudos
Reply
Admin
Admin
Whether you have VSX or not, without a management server, you cannot make any policy changes.
Make sure you're making regular backups.
Start here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

0 Kudos
Reply