Configuring a Secondary Security Management Server in SmartConsole

How to configure a Secondary Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

In the SmartConsole connected to the Primary Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., create a Check Point Host object for the Secondary Security Management Server. After you publish the SmartConsole session, synchronization starts between the Primary and Secondary Security Management Servers.

To configure the Secondary Security Management Server in SmartConsole:

  1. Connect with SmartConsole to the Primary Security Management Server.

  2. In the Object Explorer, click New > More > Network Object > Gateways and Servers > Check Point Host.

  3. In the General Properties page, enter a unique name and IP address for the Secondary Security Management Server.

  4. In the Software Blades section, go to the Management tab, and select Network Policy Management.

    This automatically selects the Secondary Server, Logging and Status, and Provisioning.

  5. Create SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. trust between the Secondary Security Management Server and the Primary:

    1. Click Communication.

    2. Enter the SIC Activation Key of the secondary server.

    3. Click Initialize.

    4. Click Close.

  6. Click OK.

  7. Publish the SmartConsole session to save these session changes to the database.

    The initialization and synchronization between the Security Management Servers start.

  8. Monitor these tasks in the Task List, in the SmartConsole System Information area. Wait for the Task List to show that a full sync has completed.

  9. Open the High Availability Status window and make sure there is one Active Security Management Server, and one Standby Security Management Server.

  10. For each Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., open the Security Gateway / Cluster object > go to Fetch Policy, click Add, and add the Secondary Security Management ServerClosed The Security Management Server in Management High Availability that you install as Secondary..