Installing a Secondary Endpoint Security Management Server in Management High Availability
Procedure:

Install the Secondary Endpoint Security Management Server

1. Install the Gaia Operating System (Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems):
   Important - You must use the same Gaia installation version as you used for the Primary Endpoint Security Management Server (dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server).
2.
3. During the First Time Configuration Wizard, you must configure these settings:
   - In the Installation Type window, select Security Gateway and/or Security Management.
   - In the Products window:
     - In the Products section, select Security Management only.
     - In the Clustering section, in the Define Security Management as field, select Secondary.
   - In the Secure Internal Communication window, enter the applicable Activation Key (between 4 and 127 characters long).
4. Install a valid license.

Perform initial configuration in SmartConsole

1. Connect with SmartConsole (Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on) to the Primary Endpoint Security Management Server (Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server).
2. From the left navigation panel, click Gateways & Servers.
3. Create a new Check Point Host object that represents the Secondary Endpoint Security Management Server in one of these ways:
   - From the top toolbar, click New > More > Check Point Host.
   - In the top left corner, click Objects menu > More object types > Network Object > Gateways & Servers > New Check Point Host.
   - In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Check Point Host.
4. Click the General Properties page.
5. In the Name field, enter the applicable name.
6. In the IPv4 Address and IPv6 Address fields, enter the applicable IP addresses.
7. In the Platform section:
   - In the Hardware field, select the applicable option.
   - In the Version field, select R81.
   - In the OS field, select Gaia.
8. On the General Properties page, click the Management tab.
9. Select the Network Policy Management and Endpoint Policy Management blades.
   Note - In a Management High Availability environment, the SmartEvent Software Blade is supported only on the Active Management Server (for more information, see sk25164). A Software Blade is a specific security solution (module): (1) on a Security Gateway, each Software Blade inspects specific characteristics of the traffic; (2) on a Management Server, each Software Blade enables different management capabilities.
10. Establish the Secure Internal Communication (SIC, the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication; this authentication is based on the certificates issued by the ICA on a Check Point Management Server) between the Primary Endpoint Security Management Server and the Secondary Endpoint Security Management Server:
    - In the Secure Internal Communication field, click Communication.
    - Enter the same Activation Key you entered during the First Time Configuration Wizard of the Secondary Endpoint Security Management Server.
    - Click Initialize. The Trust state field must show Established.
    - Click Close.
11. Click OK.
12. In the SmartConsole top left corner, click > Install database.
13. Select all objects.
14. Click Install.
15. Click OK.
16. In the SmartConsole top left corner, click > Management High Availability.
17. Make sure the Endpoint Security Management Servers are able to synchronize.

For more information:
See the R81 Harmony Endpoint Security Server Administration Guide.