CHECKPOINT AD AGENT HA SETUP

Document created by assurance@init.it on Jun 7, 2016
Version 1Show Document
  • View in full screen mode

1.  Setup logging on the checkpoints to log to 1 manager only and to fail the logging to the other manager on detection of manager a falure. (Checkpoint feature)

2.  Fail manager from system a to system b

3.  Install agent/re-run agent setup if collecting via same agent as I wanted (couple of pointers heres, to do the opsec_cert_pull you need port 18182 open not just 18184 as the document describes, if this is an issue just copy the untility to systemb and run command locally then copy cert to agent.  Make sure you call the cert a different name than what you used in installing on first manager.)

4.  Create 2nd OPSEC ID for 2nd connection to managerB

5.  Once certs done and fwconf file updated as per docs attempt to test connectivity

6.  If it doesn't work push as fw policy update as this seens to fix many issues once opsec entity has been created

7.  Job done

8. Don't for get to restart agent to pickup new source

9.  Failover managers and test logging continues..

Attachments

    Outcomes