This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin
‎2023-03-24 01:47 PM
In response to FXE

To be clear: the certificates are actually on the secondary management.
Otherwise, you would not be able to promote the secondary to primary and “take over” this function in the event of a failure.

The problem is that the CRL points to the primary management IP only.
Anything that checks the CRL won’t know about the secondary management IP.
The only way to change that on remote gateways is a policy push.
VPN Peers not managed by your Check Point management may also need to reconfigure the CA used for authentication, which will need a different CRL URL. 

Perhaps you can work around this with NAT, but haven’t tried this myself.

(1)
Who rated this post