Domain Management Server High Availability and Load Sharing

This section includes procedures for configuring the Multi-Domain Security Management environment for secondary Multi-Domain Servers and a Multi-Domain Log Server.

When you install Multi-Domain Security Management for the first time, select Primary Multi-Domain Server in the First Time Wizard.

For High Availability and Load Sharing, select Secondary Multi-Domain Server in the First Time Wizard.

Each Domain has one Active and one or more Standby Domain Management Servers. For example, if a deployment has three Multi-Domain Servers, each Domain can have one Active and two Standby Domain Management Servers. This lets the Domain load be shared between several physical Multi-Domain Servers.

Example of Domain Management Server High Availability with Load Sharing:

By default, the Primary Domain Management Server is Active. All other Domain Management Servers for that Domain are Standbys. You can change a Standby Domain Management Server to Active as necessary.

All Domain management operations, such as working with Security Policies, users, networks and other objects, occur on the Active Domain Management Server. Standby Domain Management Servers automatically synchronize with the Active Domain Management Server. Security Gateways can get a Security Policy and a Certificate Revocation List (CRL) from either the Active or Standby Domain Management Servers.

Creating a Secondary Domain Management Server

When you first create a Domain, you also define the Primary Domain Management Server. Use this procedure to create Secondary Domain Management Servers for existing Domains.

To create a secondary Domain Management Server:

  1. Connect to the Multi-Domain Server with SmartConsole.

  2. In the Domains view, right-click the empty cell at the intersection of the applicable Multi-Domain Server and Domain in the grid.

  3. Select New Domain Server.

  4. In the Domain Server window, configure the Domain Management Server name and IP address.

Domain Management Server synchronization starts automatically and can take some time to complete.

Note - You cannot change settings for an existing Domain Management Server. You must first delete the Domain Management Server and then create a new one.

To delete a secondary Domain Management Server configuration, right-click the applicable cell and select Delete.