RE: [fw1-gurus] Checkpoint Management HA
Hi John,
Adam mentioned to me about rebuilding the primary as a backup and
re-synching against the secondary, but I'm not sure if this will work as
I didn't think you could sync back the other way. Knowing I'm about to
create a NGX on Windows2003 soon, does anyone know how I might resolve
this problem with a missing primary? I have a few ideas currently, but
I'm looking for the simplest and easiest really to get this working.
Has anyone tried a secondary upgrade_export from R55 in NGX?!
If anyone has any suggestions, I'd really appreciate hearing
them...spent ages on this now at my cost.
Cheers,
Richard
-----Original Message-----
From: John Rouse [mailto:danensis@xxxxxxxxxxx]
Sent: 30 December 2006 14:56
To: Richard Harris
Subject: RE: [fw1-gurus] Checkpoint Management HA
I'm currently rebuilding what was my primary as a new secondary, and
will let you know if I manage to sync it to the primary (recently
promoted from the original secondary).
One thing I did find is that no matter where you hide a copy of
objects_5_0.C Checkpoint will find it and alter its contents, the only
way I found round this was to back it up to a memory stick and unplug it
from the machine!
John
>From: "Richard Harris" <RHarris@xxxxxxxxxxxxxxxxxxx>
>To: "Yavor Trapkov" <yavor.trapkov@xxxxxxxxx>,"FireWall-1 Guru's
>mailinglist" <fw1-gurus@xxxxxxxxxxxxxxxxxx>
>Subject: RE: [fw1-gurus] Checkpoint Management HA
>Date: Tue, 19 Dec 2006 15:01:07 -0000
>
>
>Hi there.
>
>I would like to input into this conversation as I too now have the same
>issue unfortunately - one evening we made a simple change, then the
>whole database got messed up saying every object was missing - NG R55
>HFA18 on Windows 2000 platform. I actually used an upgrade_export from
>the secondary and indeed actually managed to import into a new primary
>build and access the rulebase - well, once that is. I even managed to
>push a policy from it (don't think anyone believes me though, but I
>have screenshots!), but then I tried to establish SIC to the secondary
>management server and ever since then, even with a full re-install of
>the software, registry cleanout and the same upgrade_export file, I
>cannot get back in via Smartdashboard. I contacted Checkpoint and got
>sent the below about the recovery, but my objects_5_0.c file has about
>40 entries of what they say below regarding editing the objects and
>therefore was unsure what to change. I've heard no more from CP as they
>don't support it I hear.
>
>Can anyone advise on the objects file modification and what I might be
>doing wrong? I totally believe it must be possible to get this
>working....
>
>Cheers,
>Richard
>
>-----Original Message-----
>From: Yavor Trapkov [mailto:yavor.trapkov@xxxxxxxxx]
>Sent: 11 December 2006 08:08
>To: FireWall-1 Guru's mailinglist
>Subject: Re: [fw1-gurus] Checkpoint Management HA
>
>Hi,
>
>here is the procedure of how to promote secondary SmartCenter to
>primary, make sure you backup your working SmartCenter before doing it
>so you can always restore the working condition if anything goes wrong,
>I had to actually apply it twice to recover the failed primary back to
>primary, if that's your case try to skip point 7, finally everything
>worked. Also make sure that after all changes, your primary SmartCenter
>is the first in the list of the master servers.
>
>---------------
>Follow this procedure in order to recover a Primary SmartCenter Server
>by promoting a Secondary SmartCenter Server to become the Primary
>SmartCenter Server.
>1 Select either an existing or a newly created Secondary SmartCenter
>Server and synchronize it with your other SmartCenter Servers.
> From the Secondary Smart Center Server perform the following
>manipulations:
>2 Stop all running Check Point services by running the cpstop command.
>3 Manually adjust the objects_5_0.C file as follows:
>A Edit the former Primary Object definitions:
>:primary_management (true) -> :primary_management (false)
>Remove from admin_info the following attribute :Deleteable (false)
>
>B Edit the selected Secondary Object definitions:
>:primary_management (false) -> :primary_management (true)
>Add under admin_info the following attribute :Deleteable (false)
>
>4 Run the cpprod_util FwSetPrimary 1
>command to change the registry thereby setting this Server to the
>Primary Server.
>5 Remove the $FWDIR/conf/mgmtha* files. They contain information about
>the current Secondary settings. These files will be recreated when you
>start the Services.
>6 Make sure you have the mgmtha license on the newly promoted
>SmartCenter Server and run the cpstart command.
>7 Via SmartDashboard, remove all occurrences of the old Primary
>Management object using the Where Used utility (right click on the
>object and select Where Used). Delete the old Primary Management Object
>8 Check the definitions of Masters and Loggers according to the
>configuration; either Centrally Managed or Locally Managed.
>9 Synchronize your other servers from the newly promoted SmartCenter
>Server.
>------------------
>
>---------------------------------------------------------------------
>FireWall-1 Gurus Mailing List (http://fw1-gurus.phoneboy.com/) To
>unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
>For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx
>
>
>Centric Networks Ltd. Unit 2, Banters Lane, Great Leighs, Chelmsford,
>CM3 1QX, UK.
>Telephone : 01245 363300, Fax : 01245 363625.
>
>The information contained in this email is intended only for the
>individual to whom it is addressed. It may contain privileged and
>confidential information.
>If you have received this message in error or there are any problems,
>please notify the sender immediately and delete the message from your
>computer.
>The unauthorized use, disclosure, copying or alteration of this message is
>forbidden.
>Centric Networks Limited will not be liable for direct, special,
>indirect or consequential damage as a result of any virus being passed
>on, or arising from alteration of the contents of this message by a
>third party.
>
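Added example, not part of the thread or of Check Point's documentation: a read-only check that a copy of objects_5_0.C is in the end state described in steps 3A and 3B of the quoted procedure, for use before running cpprod_util FwSetPrimary 1. The sample text, the object names mgmt-old and mgmt-new, and the nested ": (name" block layout the parser expects are assumptions made for illustration.

```python
import re

# Constructed, simplified sample; a real objects_5_0.C holds many more attributes.
SAMPLE = """(
  :network_objects (network_objects
    : (mgmt-old
      :admin_info (
        :Deleteable (false)
      )
      :primary_management (true)
    )
    : (mgmt-new
      :admin_info (
      )
      :primary_management (false)
    )
  )
)"""

OPEN = re.compile(r'^:(\w*) \(([^()\s]*)$')   # ":key (name" left open on this line
ATTR = re.compile(r'^:(\w+) \(([^()]*)\)$')   # ":key (value)" on one line

def management_flags(text):
    """Map each object carrying :primary_management to its two relevant attributes."""
    stack, found = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1), m.group(2)))
        elif line == ")" and stack:
            stack.pop()
        else:
            m = ATTR.match(line)
            # Nearest enclosing ": (name" block is treated as the owning object.
            owner = next((n for k, n in reversed(stack) if k == ""), None)
            if m and owner and m.group(1) in ("primary_management", "Deleteable"):
                found.setdefault(owner, {})[m.group(1)] = m.group(2)
    return {n: a for n, a in found.items() if "primary_management" in a}

def promotion_problems(flags, new_primary):
    """List deviations from the step 3A/3B end state for the chosen new primary."""
    if new_primary not in flags:
        return [f"{new_primary}: no :primary_management attribute found"]
    problems = []
    for name, attrs in flags.items():
        is_new = name == new_primary
        if attrs["primary_management"] != ("true" if is_new else "false"):
            problems.append(f"{name}: primary_management should be {str(is_new).lower()}")
        if (attrs.get("Deleteable") == "false") != is_new:
            problems.append(f"{name}: Deleteable (false) should be {'present' if is_new else 'absent'}")
    return problems
```

Run it against a copy of the file taken while the services are stopped; an empty list from promotion_problems means both objects match the edits the procedure asks for.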