Creating a Secondary Multi-Domain Server

This section shows you how to create a new secondary Multi-Domain Server (MDS): a dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server.

Important - Before you start this procedure, make sure to define the physical server as the correct server type (Secondary Multi-Domain Server or Multi-Domain Log Server) during installation. An incorrect definition can cause deployment failure.

To create a new Secondary Multi-Domain Server:

  1. If you have not already done so, install a new Secondary Multi-Domain Server.

    Follow the procedures in the R82 Installation and Upgrade Guide. Make sure to define this server as a secondary Multi-Domain Server in the First Time Wizard. Connect to the Primary Multi-Domain Server with SmartConsole and go to the Multi-Domain > Domains view.

  2. In the Multi-Domain navigation toolbar, click New > Multi-Domain Server.

  3. Enter a unique name for this Multi-Domain Server.

    To get the IP address automatically, the name must be in the DNS.

  4. Enter the IPv4 address or click Resolve IP to get the IP address from the DNS.

  5. Select the platform operating system, software version, and hardware type.

  6. Click Connect to establish SIC (Secure Internal Communication) trust.

The new Multi-Domain Server automatically synchronizes with all existing Multi-Domain Servers and Multi-Domain Log Servers. The synchronization operation can take some time to complete, during which a notification indicator shows in the task information area.

Note - To add a license for a Multi-Domain Server, go to the main Menu > Manage licenses and packages.

Limitations

  • Private sessions are not synchronized between Multi-Domain Servers. You cannot see a session that is open on one Multi-Domain Server from another Multi-Domain Server, or move it to another Multi-Domain Server.

  • You cannot manage the same object (an object that is editable in the Multi-Domain view, for example: an administrator, a domain, a permission profile, a trusted client or a Multi-Domain Server) from multiple Multi-Domain SmartConsoles. Doing so can create synchronization failures between the Multi-Domain Servers. If there is a synchronization failure, make sure that sessions on a different Multi-Domain SmartConsole do not lock the same object.

  • Policy installation from the Primary Multi-Domain Server to a Domain fails with an error, if that Domain exists only on the Secondary Multi-Domain Server:

    Install policy cannot be executed

    Multi-Domain '<Name of Multi-Domain Server Object>' does not have domain server for: 'Name of Domain Object'.

  • In a High Availability environment that includes more than two Multi-Domain Security Management Servers, a synchronization problem between 2 specific Multi-Domain Security Management Servers only shows when connected to one of those servers. The problem does not show when connected to a different Multi-Domain Security Management Server in the environment.

  • Synchronization on the Multi-Domain Server level fails if you create a new Domain on the secondary Multi-Domain Server while the initial full synchronization from the new secondary device is still in progress.

  • To move a secondary Multi-Domain Security Management Server from one Multi-Domain Management High Availability environment to another, install the secondary Multi-Domain Security Management Server from scratch in the new environment as a secondary Multi-Domain Security Management Server and synchronize it with the primary Multi-Domain Security Management Server.