Mastering Endpoint Security -
Best Practices for 2024
Customer Threat Prevention
& Vulnerability Management Survey
Hunting Malware Using Memory Forensics
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CPX 2024 Content
is Here!
CheckMates Go:
Identity Awareness Best Practices
To be clear: the certificates are actually on the secondary management.
Otherwise, you would not be able to promote the secondary to primary and “take over” this function in the event of a failure.
The problem is that the CRL points to the primary management IP only.
Anything that checks the CRL won’t know about the secondary management IP.
The only way to change that on remote gateways is a policy push.
VPN Peers not managed by your Check Point management may also need to reconfigure the CA used for authentication, which will need a different CRL URL.
Perhaps you can work around this with NAT, but haven’t tried this myself.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
