On This Page
Monitoring a Standby Check Point Management Server
You can add a standby Check Point management server (MDS, CMA, or SmartCenter) to be monitored by SecureTrack. When the management server does a failover, monitoring of the policy is not broken. SecureTrack takes the authentication and communication information from the primary management server, which simplifies the process considerably.
The Primary and Standby Management servers must be monitored by the same TOS Aurora server. For example, in a DA environment if a Check Point device is monitored by a Remote Collector, then the standby Check Point Management server must be monitored by the same Remote Collector. Migrating these Management servers to be monitored by different TOS Aurora servers will break opsec communication.
To add a standby management server:
-
Log into SecureTrack as an Administrator.
-
In the address bar of your browser, add
/tools
to the SecureTrack base URL.For example:
https://192.168.1.1/tools
-
Click Add Standby Check Point Management Server.
https://<ST IP Address>/securetrack/admin/tools/add_standby_cma.htm
The tool opens:
-
Enter the device ID of the primary device.
To see the ID of a device, in SecureTrack:
-
Navigate to Monitoring > Manage Devices.
- Click a device in the device tree.
-
Type the letter "t".
The ID for every device appears.
-
- Enter the Standby Management Server Details
- Or click the device in the SecureTrack device tree in Monitoring > Manage Devices, and type the letter t
- Show result in html format – Select the checkbox to display the result in a browser (optional).
- Click submit.
Field | Description |
---|---|
Secondary MGMT IP | The IP of the secondary CMA/SMC/MDS |
Display Name | Enter the device name that you want to be displayed in SecureTrack |
Secondary object name | The name of the secondary CMA/SMC/MDS device in the Check Point smart console |
Secondary MDS's sic_name |
MDS only (leave empty for CMA and SMC devices). To identify the secondary MDS's sic_name: |
For CMA only: ID of Parent MDS |
|
For CMA R80 and above only: Domain name | You can get the domain name from the MDS by running the command: mdsstat |