Creating a High Availability Environment using a Security Management Server
You can use a Security Management Server (a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain; synonym: Single-Domain Security Management Server) to create a High Availability environment with a Domain Management Server. A Management Server is a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. The Security Management Server can operate as an Active or Standby Management Server.
For example:
- The Security Management Server is the Standby Management Server and the Domain Management Server (a virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment; acronym: DMS) is the Active Management Server.
  If the Domain Management Server is unavailable, the user must activate the Security Management Server so it becomes the Active Management Server.
- The Domain Management Server is the Standby Management Server and the Security Management Server is the Active Management Server.
  If the Security Management Server is unavailable, the Domain Management Server becomes the Active Management Server.
In both cases, the Domain Management Server must be Active to assign a Global Policy (on a Multi-Domain Security Management Server, a policy defined in the Global Domain; you can assign this Global Policy to Domains).
To create a High Availability environment with multiple Domain Management Servers, you must use a different Security Management Server for each Domain Management Server.
You must define GUI clients and administrators locally on the Security Management Server. The synchronization process cannot export this data from a Domain Management Server to a Security Management Server.

- Do a Clean Install of a Security Management Server, and define the Security Management Server as a Secondary Security Management Server.
- Connect to the command line on the Security Management Server.
- Run:
  cpconfig
- Configure these items:
  - Secure Internal Communication - Define an Activation Key to establish SIC trust between the Security Management Server and the Domain Management Server. (SIC, Secure Internal Communication, is the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.)
  - Define administrators.
  - Define GUI clients.
- In SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on) of the Domain Management Server, create a network object of the type Check Point Host, which represents the Secondary Security Management Server. Go to the Object Explorer, and click New > More > Network Object > Gateways & Servers > Check Point Host. The Check Point Host window opens.
  In the General Properties page:
  - Enter the object name and IPv4 address.
  - In the Management tab at the bottom of the page, select Network Policy Management. The Secondary Server is then automatically selected.
  - Click OK.
  In the Secure Internal Communication field, click Communication to establish SIC trust with the Security Management Server.
- Publish the session. Initialization and synchronization between the Domain Management Server and the Security Management Server start. Wait for the task list to show that a full synchronization completed.
To see the High Availability status of both servers, go to the main and click High Availability Status. In this window you can see which server is active and which is standby and the synchronization status.