The Active server synchronizes with the Standby server or servers at intervals, and when you publish the session. Sessions that are not published are not synchronized.
When the administrator initiates changeover, all public data is synchronized from the new Active to the new Standby server after the Standby becomes Active. Data from the new Active overrides the data on the new Standby. Unpublished changes are not synchronized.
Best Practice - We recommend that you publish changes before initiating a changeover to the Standby.
To interchange the Active and Standby:
The High Availability Status window opens.
This changes the previous Active server to Standby.
You can make more than one server Active. You may need to do that if there is no connectivity to the primary. When you change the Standby to Active, it becomes Active without telling the current Active server to become Standby. This is known as collision mode. You can later change one of the Active servers to Standby, and return to the standard configuration.
When in collision mode, the Active servers do not sync even if they have network connectivity. When you change one of them to Standby, sync starts and overwrites the data on the Standby server with the remaining Active data.
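The collision-mode rules above, modeled in a short Python sketch that is added here as an illustration and is not Check Point code. The class, function names and sample rules are hypothetical and constructed. It shows that Active servers do not sync while in collision, and previews which published data is overwritten on the server you change to Standby.

```python
from dataclasses import dataclass, field

@dataclass
class MgmtServer:              # hypothetical model, not a Check Point API
    name: str
    role: str                  # "Active" or "Standby"
    published: dict = field(default_factory=dict)  # data that gets synchronized
    session: dict = field(default_factory=dict)    # unpublished changes, never synced

    def edit(self, obj, value):
        self.session[obj] = value

    def publish(self):
        self.published.update(self.session)
        self.session.clear()

def in_collision(servers):
    """Collision mode: more than one server is Active."""
    return sum(s.role == "Active" for s in servers) > 1

def sync(active, standby, servers):
    """Overwrite the Standby with the Active's published data; no-op in collision mode."""
    if in_collision(servers) or active.role != "Active" or standby.role != "Standby":
        return False
    standby.published = dict(active.published)
    return True

def overwrite_preview(keep, demote):
    """Published data on `demote` that is absent or different on `keep`."""
    return {k: v for k, v in demote.published.items() if keep.published.get(k) != v}

def resolve_collision(keep, demote, servers):
    """Change one Active to Standby; sync then starts and overwrites it."""
    lost = overwrite_preview(keep, demote)
    demote.role = "Standby"
    sync(keep, demote, servers)
    return lost

def demo():
    # Constructed sample data: two servers that start in sync.
    a = MgmtServer("mgmt-a", "Active", {"rule-1": "allow web"})
    b = MgmtServer("mgmt-b", "Standby", {"rule-1": "allow web"})
    servers = [a, b]
    b.role = "Active"                      # Standby made Active: collision mode
    a.edit("rule-2", "allow dns"); a.publish()
    b.edit("rule-1", "drop web"); b.edit("rule-3", "allow ssh"); b.publish()
    synced = sync(a, b, servers)           # False: Active servers do not sync
    lost = resolve_collision(a, b, servers)
    return synced, lost, b.published
```

Running `overwrite_preview` in both directions before choosing which server to change to Standby shows what each choice would discard.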
These error messages show in the High Availability Status window when synchronization fails:
Not communicating
Solution:
Collision or HA Conflict
More than one management server is configured as active.
Solution:
The High Availability Status window opens.
Warning - When this server becomes the Standby, all its data is overwritten by the active server.
Sync Error
Solution:
Do a manual sync.
Environments that include Endpoint Security require additional steps and information.
See High Availability in the R80.30 Endpoint Security Administration Guide for details.
If the primary management server becomes permanently unavailable:
Note - This is not supported for environments with Endpoint Security.
IMPORTANT: Check Point product licenses are linked to IP addresses. At the end of the disaster recovery you must make sure that licenses are correctly assigned to your servers.
To create a new Primary Management Server:
To set the old Primary Management Server as the new Primary Management Server:
The first management server installed is the Primary server, and all servers installed afterwards are Secondary servers. The Primary server acts as the synchronization master. When the Primary server is down, Secondary servers cannot synchronize their databases until a Secondary is promoted to Primary and the initial sync completes.
Note - This is the disaster recovery method supported for High Availability environments with Endpoint Security.
To promote a Secondary server to become the Primary server:
#$FWDIR/bin/promote_util
#cpstop
$FWDIR/conf/mgha* files. They contain information about the current Secondary settings. These files will be recreated when you start the Check Point services.
mgmtha license on the newly promoted server.
Note - All licenses must have the IP address of the promoted Security Management Server.
cpstart on the promoted server.
Note - When you remove the old Primary server, all previous licenses are revoked.