Synchronization

In a multi-domain environment, the Multi-Domain Servers work in active-active mode. All Multi-Domain Servers are active and synchronize each other.

The Domains managed by the Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. work in active-standby mode, where the Active Domain Server synchronizes all the standby Domain Servers.

The system automatically synchronizes periodically and when an administrator publishes changes to the configuration.

How Synchronization Works

During synchronization, the system performs these steps without user intervention:

On periodic synchronization:

1. The Active exports the delta data between the Active server and the Standby server to compressed files.

2. The compressed files are transferred to the Standby server.

3. The Standby Server replays the delta data from the uncompressed files.

On manual synchronization:

1. The Active Server exports the public data to compressed files.

2. The compressed files are transferred to the Standby Server.

3. The Standby server overrides the existing data with the uncompressed files.

The data that is transferred during synchronization includes:

• Postgres database

• Solr

• ICA Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication. database

• Configuration files

• Domain licenses and contracts. Multi-Domain server licenses and contracts are not transferred.

Initial Synchronization

Initial synchronization occurs automatically when you create a secondary Multi-Domain Server, Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS., or Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.. The system generates a task to copy all databases and system information from the connected server to the new server.

Multi-Domain Server and Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs. synchronization tasks show in the Task Information area, in the Multi-Domain Server SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.. Domain synchronization tasks show in the Domain SmartConsole.

Periodic Synchronization

Multi-Domain Servers synchronize with all other peers and Multi-Domain Log Servers. Periodic synchronization occurs automatically, and when an administrator publishes a session. Private (non-published) sessions do not synchronize.

Periodic synchronizations are incremental. Only database changes synchronize with peers. Active Domain Management Servers Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. synchronize to the standby Domain Management Servers.

Manual Synchronization

Manual synchronization is a full synchronization that overwrites all data on the peers. It disconnects all connected clients and overrides active sessions and running tasks.

When changes made in a session are published on the Active server (made public), the changes are synchronized to the Standby server. Unpublished, private sessions are not synchronized.

Best Practice - Use this option with caution, and only in cases of synchronization error. We recommend that you publish changes before initiating full sync.

For Domain Management Servers, you can only run a manual synchronization from the active Domain Management Server to the standby peers.

Manually Synchronizing a Multi-Domain Server

You can manually synchronize the connected Multi-Domain Server with a peer Multi-Domain Server.

To manually synchronize Multi-Domain Servers:

1. Click the Synchronization Status area at the bottom of the SmartConsole window.

2. In the High Availability Status window, select a peer Multi-Domain Server to synchronize.

3. Click Sync Peer.

Synchronization starts immediately and the status shows in the window. The synchronization operation can take many minutes to complete.

Warning - Use manual synchronization with caution. This can overwrite all data on the peer Multi-Domain Server if they do not synchronize correctly.

Manually Synchronizing Domain Management Servers

You can manually synchronization a Standby Domain Management Server with the Active Domain Management Server on a different Multi-Domain Server.

To manually synchronize Domain Management Servers for a Domain:

1. Open SmartConsole for the active Domain Management Server.

2. Click Menu > High Availability.

3. In the High Availability Status window, click Actions > Sync Peer..

Synchronization starts immediately and the status shows in the window. The synchronization operation can take many minutes to complete.

Multi-Domain Server ICA Database Synchronization

When you create a new secondary Multi-Domain Server, the Internal Certificate Authority (ICA) on the Primary Multi-Domain Server generates a certificate when you establish SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. trust. The ICA can generate a certificate for a new administrator, if required by the authentication method. In a High Availability deployment with more than one Multi-Domain Server, the system synchronizes the ICA databases as necessary.