Changing a Server to Active or Standby

To change the status of a server:

1. Open SmartConsole.
2. Connect to the Active server.
3. On the Menu button, select High Availability.

   The High Availability Status window opens.

4. Using the Action buttons, Change the Active server to standby, or one of the standby servers to active.

   The servers synchronize before a failover occurs to the new active server.

High Availability Disaster Recovery

If the primary management server becomes permanently unavailable:

• Create a new Primary server with the IP address of the original Primary server

  Note: This is not supported for environments with Endpoint Security.

• Promote the Secondary server to Primary and create new licenses.

  IMPORTANT: Check Point product licenses are linked to IP addresses. At the end of the disaster recovery you must make sure that licenses are correctly assigned to your servers.

Recovery By Creating a New Primary Server

1. Change the Secondary management server from Standby to Active.
2. Install a new Primary server with the same IP address and hostname as the original Primary server.
3. Synchronize the new Primary server with your Active server.

   (Create the active server as an object in the new primary, establish SIC and synchronize the databases).

4. Change the new Primary server to Active server

   The original Secondary server returns to Standby.

5. Reassign licenses.

Promoting a Secondary Server to Primary

The first management server installed is the Primary Server and all servers installed afterwards are Secondary servers. The Primary server acts as the synchronization master. When the Primary server is down, secondary servers cannot synchronize their databases until a Secondary is promoted to Primary and the initial syncs completes.

To promote a Secondary server to become the Primary server:

1. On the Secondary Server that you will promote, run:

   #$FWDIR/bin/promote_util
#cpstop

2. Remove the $FWDIR/conf/mgha* files. They contain information about the current Secondary settings. These files will be recreated when you start the Check Point services.
3. Make sure you have a mgmtha license on the newly promoted server.

   Note - All licenses must have the IP address of the promoted Security Management Server.

4. Run cpstart on the promoted server.
5. Open SmartConsole, and:
   1. Make the secondary server active.
   2. Remove all instances of the old Primary Management object. To see all of the instances, right-click the object and select Where Used.

      Note - When you remove the old Primary server, all previous licenses are revoked.

   3. Install database.