Saving the Multi-Domain Security Management IPS Configuration
When upgrading to R80.10, the previous Domain IPS configuration is overridden when you first assign a Global Policy.
Best Practice - Save each Domain IPS configuration, so that you can restore the settings after the upgrade:
- Connect with Multi-Domain Server to R7x Multi-Domain Server.
- Click tab .
- Click the near the Domain name.
- Right-click the Domain Management Server > click .
- Click the tab.
- In the section, select .
- Click .
Notes:
- If you manage IPS globally, you must reassign the global policy before installing the policy on the managed Security Gateways.
- Customers upgrading to the current version should note that the IPS subscription has changed. All Domains subscribed to IPS are automatically assigned to an "Exclusive" subscription. The "Override" and "Merge" subscriptions are no longer supported.
For more on IPS in a Multi-Domain Server environment, see the R80.10 Multi-Domain Server Administration Guide.
Enabling IPv6 on Multi-Domain Security Management
If your Multi-Domain Security Management environment uses IPv6 addresses, you must first enable IPv6 support for the Multi-Domain Servers and for existing Domain Management Servers. It is not necessary to enable IPv6 support for Domain Management Servers that you create after IPv6 is enabled on the Multi-Domain Server, because this is handled automatically.
Important - You must assign an IPv4 address for each Multi-Domain Server, Multi-Domain Log Server, Domain Management Server and Domain Log Server. The IPv6 address is optional.
Preliminary steps:
- Enable the IPv6 support in Gaia.
- Assign an IPv6 address and default gateway to the Leading Interface (typically, eth0).
- Assign an IPv6 address and default gateway to the management interfaces.
- Write down the Multi-Domain Server IPv6 address, the host names and IPv6 addresses for all Domain Management Servers.
This is necessary because the system restarts after you enable IPv6 support.
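The written-down record from the preliminary steps can be checked before you run mdsconfig. The following is an added example, not part of the Check Point guide: the server names and addresses are constructed placeholders, and the duplicate-address check is an assumption about what you want to catch, not a documented requirement.

```python
import ipaddress

# Constructed sample inventory: (server name, role, IPv4, IPv6 or "").
# Names and addresses are placeholders (documentation ranges), not from the guide.
PLAN = [
    ("mds-primary", "Multi-Domain Server", "192.0.2.10", "2001:db8::10"),
    ("dms-alpha", "Domain Management Server", "192.0.2.21", "2001:db8::21"),
    ("dms-beta", "Domain Management Server", "192.0.2.22", "2001:db8::21"),
    ("dms-gamma", "Domain Management Server", "", "2001:db8::23"),
    ("dls-alpha", "Domain Log Server", "192.0.2.31", ""),
]

def _parse(text, version):
    """Return an address object of the wanted IP version, or None if invalid."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    return addr if addr.version == version else None

def check_plan(plan):
    """Return a list of problems found in the recorded address plan."""
    problems, seen = [], {}
    for name, _role, v4, v6 in plan:
        # IPv4 is mandatory for every server; IPv6 is optional.
        if _parse(v4, 4) is None:
            problems.append(f"{name}: missing or invalid IPv4 address {v4!r}")
        if v6:
            addr = _parse(v6, 6)
            if addr is None:
                problems.append(f"{name}: invalid IPv6 address {v6!r}")
            elif addr in seen:
                problems.append(f"{name}: IPv6 {addr} already recorded for {seen[addr]}")
            else:
                seen[addr] = name
    return problems

def without_ipv6(plan):
    """Servers with no IPv6 address recorded (allowed, since IPv6 is optional)."""
    return [name for name, _role, _v4, v6 in plan if not v6]

if __name__ == "__main__":
    for line in check_plan(PLAN):
        print("PROBLEM", line)
    print("No IPv6 recorded:", ", ".join(without_ipv6(PLAN)))
```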
To enable IPv6 support for the Multi-Domain Server:
- Connect to the command line on the Primary Multi-Domain Server over SSH or console.
- Log in to Gaia Clish or Expert mode.
- Run:
mdsconfig
- Select .
- Enter when prompted to change the IPv6 preferences.
Enter again to confirm.
- When prompted for the Leading Interface name, enter the name of the management interface (typically, eth0).
- When prompted, enter the management interface IPv6 address.
- Press to restart Check Point services.
To enable IPv6 support for existing Domain Management Servers:
- Connect to the command line on the Primary Multi-Domain Server over SSH or console.
- Log in to Gaia Clish or Expert mode.
- Run:
mdsconfig
- Select .
- Enter when asked to change the IPv6 preferences for Domain Management Servers.
- Enter to add support to an existing Domain Management Server.
- Enter to add support to all Domain Management Servers at once.
Enter again to confirm.
- Do one of these:
- Enter to manually add IPv6 addresses,
- Press to automatically assign IPv6 addresses from a specified range.
- Follow the instructions on the screen to enter the IPv6 addresses or a range of IPv6 addresses.
To manually enable IPv6 support for specified Domain Management Servers:
- Connect to the command line on the Primary Multi-Domain Server over SSH or console.
- Log in to Gaia Clish or Expert mode.
- Run:
mdsconfig
- Select .
- At the prompt, enter to change the IPv6 preferences for Domain Management Servers.
- Enter to add support to an existing Domain Management Server.
- Enter when asked to enable IPv6 support for all Domain Management Servers at once.
Enter to confirm.
- At the prompt, enter the Domain Management Server name.
The available Domain Management Servers appear above the prompt. You can copy and paste the name.
- Enter the IPv6 address.
- At the prompt, enter one of these:
- Enter to enable another Domain Management Server.
- Enter to complete the procedure.