Monitoring a Standby Check Point Management Server

Overview

You can add a standby Check Point management server (MDS, CMA, or SmartCenter) to be monitored by SecureTrack. When the management server fails over, monitoring of the policy is not broken. SecureTrack takes the authentication and communication information from the primary management server, which simplifies the process considerably.

The Primary and Standby Management servers must be monitored by the same TOS Aurora server. For example, in a DA environment, if a Check Point device is monitored by a Remote Collector, then the standby Check Point Management server must be monitored by the same Remote Collector. Migrating these Management servers to be monitored by different TOS Aurora servers will break OPSEC communication.

Add a Standby Management Server

  1. Log in to SecureTrack as an Administrator.

  2. In the address bar of your browser, add /tools to the SecureTrack base URL.

    For example: https://192.168.1.1/tools

  3. Click Add Standby Check Point Management Server.

    https://<ST IP Address>/securetrack/admin/tools/add_standby_cma.htm

    The Add Standby CMA tool opens.

  4. Enter the device ID of the primary device.

    To see the ID of a device:

    • Either use the command line on the SecureTrack host:

      # kubectl exec -it deployment/device-collector -c device-collector -- bash
      # st stat
    • Or click the device in the SecureTrack device tree in Compare > Compare Revisions, and type the letter t
  5. Enter the Standby Management Server details:

    • Secondary MGMT IP: The IP of the secondary CMA/SMC/MDS.

    • Display Name: Enter the device name that you want to be displayed in SecureTrack.

    • Secondary object name: The name of the secondary CMA/SMC/MDS device in the Check Point SmartConsole.

    • Secondary MDS's sic_name: MDS only (leave empty for CMA and SMC devices).

      To identify the secondary MDS's sic_name:

      1. As a super-user, log in to the MDS device using SmartConsole.

      2. Right-click on the name of the server and select View.

      3. In the new Multi-Domain Server click the View... button.

      4. Copy the line under SIC Details.

        Example: CN=cp_mgmt...

    • ID of Parent MDS: For CMA only. To see the ID of a device:

      • Either use the command line on the SecureTrack host:

        # kubectl exec -it deployment/device-collector -c device-collector -- bash
        # st stat

      • Or click the device in the SecureTrack device tree in Compare > Compare Revisions, and type the letter t.

    • Domain name: For CMA R80 and above only. You can get the domain name from the MDS by running the command: mdsstat

  6. Show result in html format – Select the checkbox to display the result in a browser (optional).

  7. Click submit.
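
The field rules listed under Enter the Standby Management Server Details, together with the same-server requirement from the Overview, can be checked before the form is submitted. The following is an added example, not Tufin code or a SecureTrack API: the dictionary keys are hypothetical worksheet names, the sample values are constructed, and treating each conditional field as required where it applies is an assumption.

```python
import ipaddress
import re

def validate_standby(req):
    """Return a list of problems; an empty list means the worksheet is consistent."""
    kind = req.get("kind")
    if kind not in ("MDS", "CMA", "SMC"):
        return ["kind must be MDS, CMA or SMC"]
    errors = []
    try:
        ipaddress.ip_address(req.get("secondary_ip", ""))
    except ValueError:
        errors.append("secondary_ip is not a valid IP address")
    for field in ("primary_device_id", "display_name",
                  "secondary_object_name", "primary_monitored_by"):
        if not str(req.get(field, "")).strip():
            errors.append(f"{field} is required")
    # Primary and standby must be monitored by the same TOS Aurora server.
    if req.get("primary_monitored_by") != req.get("standby_monitored_by"):
        errors.append("primary and standby must be monitored by the same server")
    # "R80 and above": compare the major number of a version string such as R80.40.
    m = re.match(r"R(\d+)", str(req.get("version", "")))
    r80_plus = bool(m) and int(m.group(1)) >= 80
    # Hypothetical field name -> whether the page says it applies to this device.
    applies = {
        "sic_name": kind == "MDS",
        "parent_mds_id": kind == "CMA",
        "domain_name": kind == "CMA" and r80_plus,
    }
    for field, wanted in applies.items():
        value = str(req.get(field, "")).strip()
        if wanted and not value:
            errors.append(f"{field} is required for this device")
        elif value and not wanted:
            errors.append(f"{field} must be left empty for this device")
    sic = str(req.get("sic_name", "")).strip()
    if kind == "MDS" and sic and not sic.startswith("CN="):
        errors.append("sic_name should be the SIC Details line, starting with CN=")
    return errors

# Constructed sample worksheets (every value below is made up).
GOOD_CMA = {"kind": "CMA", "version": "R81.10", "primary_device_id": "12",
            "secondary_ip": "192.0.2.20", "display_name": "cma-standby",
            "secondary_object_name": "cma2", "parent_mds_id": "7",
            "domain_name": "Domain_A", "primary_monitored_by": "rc-1",
            "standby_monitored_by": "rc-1"}
BAD_CMA = dict(GOOD_CMA, sic_name="CN=cp_mgmt", version="R77.30",
               standby_monitored_by="rc-2")
MDS_NO_SIC = dict(GOOD_CMA, kind="MDS", parent_mds_id="", domain_name="")
```

`validate_standby(BAD_CMA)` reports the collector mismatch, the sic_name filled in for a CMA, and the domain name supplied for a pre-R80 CMA.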