Changing the IP Address of a Domain Management Server or Domain Log Server
This procedure lets you change the current IP Address of:
- A Domain Management Server on a Multi-Domain Server (MDS), a dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server.
- A Domain Log Server on a Multi-Domain Log Server (MDLS), a dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers.
Procedure:
- Close all SmartConsole applications
  You must close all GUI clients (SmartConsole applications) connected to the Multi-Domain Server or Multi-Domain Log Server.
- Connect to the command line on the Multi-Domain Server or Multi-Domain Log Server
  1. Connect over SSH, or serial console.
  2. Log in with the superuser credentials.
  3. Log in to the Expert mode.
  4. Go to the MDS context:
     mdsenv
- Stop the applicable Domain Management Server or Domain Log Server
  1. Stop the services:
     mdsstop_customer <Name or IP of Domain Management Server or Domain Log Server>
  2. Make sure the services stopped in the applicable context:
     mdsstat
     All the daemons (FWM, FWD, CPD, and CPCA) must be in the state "down".
- Change the IP address in the MDS database
  1. Change the IP address:
     $MDS_TEMPLATE/scripts/change_cma_ip.sh -n <Name of Domain Management Server or Domain Log Server object> -i <New IP Address>
     Example:
     $MDS_TEMPLATE/scripts/change_cma_ip.sh -n My_Domain_Server -i 172.30.40.55
     You can change the IP addresses of several Domain Management Servers or Domain Log Servers in one command:
     - Make sure the services stopped in all applicable contexts.
     - Create a plain text file that contains pairs of server names and their new IPv4 addresses (separated with a comma).
       Example of a file:
       MyDomainManagementServer_1, 172.30.40.51
       MyDomainManagementServer_2, 172.30.40.52
       MyDomainManagementServer_3, 172.30.40.53
     - Run this command:
       $MDS_TEMPLATE/scripts/change_cma_ip.sh -f /<Path To>/<File>
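A pre-flight check for the batch file described above, as an added example that is not part of the Check Point documentation or scripts. It assumes one "<name>, <IPv4>" pair per line as in the sample file; the function name validate_cma_ip_file is hypothetical, and rejecting octets with a leading zero is a choice of this example.

```shell
#!/bin/sh
# Added example, not Check Point code: pre-flight check for the file given to
# "change_cma_ip.sh -f". Assumes one "<name>, <IPv4>" pair per line.

# validate_cma_ip_file FILE
# Reports problems on stderr; returns 0 only if every line is usable.
# The body runs in a subshell, so "exit" leaves only the function.
validate_cma_ip_file() (
    file=$1; lineno=0; errors=0; names='|'; ips='|'
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    fail() { echo "line $lineno: $1" >&2; errors=$((errors + 1)); }

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=$(printf '%s' "$line" | tr -d '\r')        # tolerate CRLF files
        [ -n "$(printf '%s' "$line" | tr -d '[:space:]')" ] || continue
        # Shape: one name without spaces or commas, one comma, one dotted quad.
        if ! printf '%s\n' "$line" | grep -Eq \
            '^[[:space:]]*[^,[:space:]]+[[:space:]]*,[[:space:]]*[0-9]{1,3}(\.[0-9]{1,3}){3}[[:space:]]*$'
        then
            fail "expected '<name>, <IPv4>', got: $line"; continue
        fi
        name=$(printf '%s' "${line%%,*}" | tr -d '[:space:]')
        ip=$(printf '%s' "${line#*,}" | tr -d '[:space:]')
        for octet in $(printf '%s' "$ip" | tr '.' ' '); do
            case $octet in
                0?*) fail "octet '$octet' in $ip has a leading zero"; break ;;
            esac
            [ "$octet" -le 255 ] || { fail "octet $octet in $ip is above 255"; break; }
        done
        # A repeated name or address usually means a copy-and-paste slip.
        case $names in *"|$name|"*) fail "server $name is listed twice" ;; esac
        case $ips in *"|$ip|"*) fail "address $ip is assigned twice" ;; esac
        names="$names$name|"; ips="$ips$ip|"
    done < "$file"
    [ "$errors" -eq 0 ]
)
```

Run it against the file before passing the same path to change_cma_ip.sh -f, and fix every reported line first.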
- Modify the $SMARTLOGDIR/smartlog_settings.txt file
  1. Go to the context of the Domain Management Server or Domain Log Server:
     mdsenv <Name or IP of Domain Management Server or Domain Log Server>
  2. Back up the current $SMARTLOGDIR/smartlog_settings.txt file:
     cp -v $SMARTLOGDIR/smartlog_settings.txt{,_BKP}
  3. Edit the current file:
     vi $SMARTLOGDIR/smartlog_settings.txt
  4. Change the current IP address to the new IP address in these parameters:
     - Parameter :server_port ()
     - Section :connections > Section :domain > Section :management > Parameter :name ()
     - Section :connections > Section :domain > Section :log_servers > Parameter :name ()
  5. Save the changes in the file and exit the editor.
- Modify the $INDEXERDIR/log_indexer_custom_settings.conf file
  1. Go to the context of the Domain Management Server or Domain Log Server:
     mdsenv <Name or IP of Domain Management Server or Domain Log Server>
  2. Back up the current $INDEXERDIR/log_indexer_custom_settings.conf file:
     cp -v $INDEXERDIR/log_indexer_custom_settings.conf{,_BKP}
  3. Edit the current file:
     vi $INDEXERDIR/log_indexer_custom_settings.conf
  4. Change the current IP address to the new IP address in these parameters:
     - Parameter :server_port ()
     - Section :connections > Section :domain > Section :management > Parameter :name ()
     - Section :connections > Section :domain > Section :log_servers > Parameter :name ()
  5. Save the changes in the file and exit the editor.
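A check to run after the two manual edits above and before the services are started, as an added example that is not Check Point code. It confirms that the old address is gone from each file and the new one is present; the function names ip_pattern and verify_ip_swap are hypothetical, and the check assumes each edited file should contain the new address at least once.

```shell
#!/bin/sh
# Added example, not Check Point code. Run it in the context of the Domain
# Management Server or Domain Log Server (after "mdsenv <Name or IP>"), e.g.:
#   verify_ip_swap <Old IP Address> <New IP Address> \
#       "$SMARTLOGDIR/smartlog_settings.txt" \
#       "$INDEXERDIR/log_indexer_custom_settings.conf"

# ip_pattern IP
# Prints an ERE that matches IP only as a complete dotted quad, so that
# 172.30.40.5 does not match inside 172.30.40.55.
ip_pattern() {
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# verify_ip_swap OLD_IP NEW_IP FILE...
# Prints "file:line:text" for every line that still holds OLD_IP.
# Returns 0 if every file is clean, 1 if an edit looks incomplete, 2 on bad input.
# The body runs in a subshell, so "exit" leaves only the function.
verify_ip_swap() (
    old=$1; new=$2; status=0
    [ "$#" -ge 3 ] || { echo "usage: verify_ip_swap OLD NEW FILE..." >&2; exit 2; }
    shift 2
    for ip in "$old" "$new"; do
        printf '%s\n' "$ip" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' ||
            { echo "not an IPv4 address: $ip" >&2; exit 2; }
    done
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; exit 2; }
        # /dev/null as a second file makes grep prefix each hit with the file name.
        if grep -nE -- "$(ip_pattern "$old")" "$f" /dev/null; then
            echo "$f: old address $old is still present" >&2; status=1
        fi
        if ! grep -qE -- "$(ip_pattern "$new")" "$f"; then
            echo "$f: new address $new not found" >&2; status=1
        fi
    done
    exit "$status"
)
```

Compare any lines it prints with the parameters listed in step 4; the _BKP copies made in step 2 remain available for a diff against the edited files.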
- Start the applicable Domain Management Server or Domain Log Server
  1. Start the services:
     mdsstart_customer <Name or IP of Domain Management Server or Domain Log Server>
  2. Make sure that all the required daemons (FWM, FWD, CPD, and CPCA) are in the state "up" and show their PID (the "pnd" state is also acceptable):
     mdsstat
     If some of the required daemons on a Domain Management Server (Domain Log Server) are in the state "down", then wait for 5-10 minutes, restart that Domain Management Server (Domain Log Server), and check again. Run these three commands:
     mdsstop_customer <IP Address or Name or IP of Domain Management Server or Domain Log Server>
     mdsstart_customer <IP Address or Name or IP of Domain Management Server or Domain Log Server>
     mdsstat
If SmartLog does not work for a Domain Management Server with the modified IP address:
- Connect with SmartConsole to that Domain Management Server.
- From the left navigation panel, click Gateways & Servers.
- Open the Domain Management Server object.
- Make any change in the Domain Management Server object (for example, in the Comment field).
- Click OK.
- Publish the SmartConsole session.