Print Download PDF Send Feedback

Previous

Next

Installing the Secondary Security Management Server in Management High Availability

Workflow:

  1. Install the Secondary Security Management Server.
  2. Configure the Secondary Security Management Server object in SmartConsole.

Step 1 of 2: Install the Secondary Security Management Server

Step

Description

1

Install the Gaia Operating System:

Important - You must use the same Gaia installation version as you used for the Primary Security Management Server.

2

Run the Gaia First Time Configuration Wizard.

3

During the First Time Configuration Wizard, you must configure these settings:

  • In the Installation Type window, select Security Gateway and/or Security Management.
  • In the Products window:
    1. In the Products section, select Security Management only.
    2. In the Clustering section, in the Define Security Management as field, select Secondary.
  • In the Secure Internal Communication window, enter the desired Activation Key (between 4 and 127 characters long).

Step 2 of 2: Perform initial configuration in SmartConsole

Step

Description

1

Connect with SmartConsole to the Primary Security Management Server.

2

From the left navigation panel, click Gateways & Servers.

3

Create a new Check Point Host object that represents the Secondary Security Management Server in one of these ways:

  • From the top toolbar, click the New (Star icon) > More > Check Point Host.
  • In the top left corner, click Objects menu > More object types > Network Object > Gateways & Servers > New Check Point Host.
  • In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Check Point Host.

4

Click the General Properties page.

5

In the Name field, enter the desired name.

6

In the IPv4 Address and IPv6 Address fields, enter the applicable IP addresses.

7

In the Platform section:

  • In the Hardware field, select the applicable option
  • In the Version field, select R80.20
  • In the OS field, select Gaia

8

On the General Properties page, click the Management tab.

9

Select Network Policy Management.

Make sure the Secondary Server is selected and greyed out.

Note - The SmartEvent Software Blade is not supported in Management High Availability environment (sk25164).

10

Establish the Secure Internal Communication (SIC) between the Primary Security Management Server and the Secondary Security Management Server:

  1. In the Secure Internal Communication field, click Communication.
  2. Enter the same Activation Key you entered during the First Time Configuration Wizard of the Secondary Security Management Server.
  3. Click Initialize. The Trust state field must show Established.
  4. Click Close.

11

Click OK.

12

In the SmartConsole top left corner, click Menu > Install database.

13

Select all objects.

14

Click Install.

15

Click OK.

16

In the SmartConsole top left corner, click Menu > Management High Availability.

17

Make sure the Security Management Servers are able to synchronize.

Disk space for logs and indexes:

The Security Management Server with Log Indexing enabled, creates and uses index files for fast access to log file content. Index files are located by default at $RTDIR/log_indexes/.

To make sure that there is always sufficient disk space on the Security Management Server, the server that stores the log index deletes the oldest index entries, when the available disk space is less than a specified minimum. The default minimum value is 5000 MB, or 15% of the available disk space.

To configure the desired minimum disk space:

Step

Description

1

In the SmartConsole, edit the object of the Secondary Security Management Server.

2

From the left navigation tree, click Logs > Storage.

3

Select When disk space is below <number> Mbytes, start deleting old files.

4

Enter the desired disk space value.

5

Click OK.

For more information:

See the R80.20 Security Management Administration Guide.