In a multi-domain environment, the Multi-Domain Servers work in active-active mode. All Multi-Domain Servers are active and synchronize with each other.
The Domains managed by the Multi-Domain
Server
The system automatically synchronizes periodically and when an administrator publishes changes to the configuration.
How Synchronization Works
During synchronization, the system performs these steps without user intervention:
On periodic synchronization:
The Active server exports the delta data between the Active server and the Standby server to compressed files.
The compressed files are transferred to the Standby server.
The Standby Server replays the delta data from the uncompressed files.
On manual synchronization:
The Active Server exports the public data to compressed files.
The compressed files are transferred to the Standby Server.
The Standby server overrides the existing data with the uncompressed files.
The data that is transferred during synchronization includes:
Postgres database
Solr
ICA database (ICA: Internal Certificate Authority, a component on Check Point Management Server that issues certificates for authentication)
Configuration files
Domain licenses and contracts. Multi-Domain server licenses and contracts are not transferred.
Initial Synchronization
Initial synchronization occurs automatically when you create a secondary Multi-Domain Server,
Multi-Domain Log Server
Multi-Domain Server and
Multi-Domain Log Server
Periodic Synchronization
Multi-Domain Servers synchronize with all other peers and Multi-Domain Log Servers. Periodic synchronization occurs automatically, and when an administrator publishes a session. Private (non-published) sessions do not synchronize.
Periodic synchronizations are incremental. Only database changes synchronize with peers. Active Domain Management
Servers
Manual Synchronization
Manual synchronization is a full synchronization that overwrites all data on the peers. It disconnects all connected clients and overrides active sessions and running tasks.
When changes made in a session are published on the Active server (made public), the changes are synchronized to the Standby server. Unpublished, private sessions are not synchronized.
| Best Practice - Use this option with caution, and only in cases of synchronization error. We recommend that you publish changes before initiating full sync. |
For Domain Management Servers, you can only run a manual synchronization from the active Domain Management Server to the standby peers.
Manually Synchronizing a Multi-Domain Server
You can manually synchronize the connected Multi-Domain Server with a peer Multi-Domain Server.
To manually synchronize Multi-Domain Servers:
Click the area at the bottom of the SmartConsole window.
In the window, select a peer Multi-Domain Server to synchronize.
Click .
Synchronization starts immediately and the status shows in the window. The synchronization operation can take many minutes to complete.
| Warning - Use manual synchronization with caution. This can overwrite all data on the peer Multi-Domain Server if they do not synchronize correctly. |
Manually Synchronizing Domain Management Servers
You can manually synchronize a Standby Domain Management Server with the Active Domain Management Server on a different Multi-Domain Server.
To manually synchronize Domain Management Servers for a Domain:
Open SmartConsole for the active Domain Management Server.
Click > .
In the window, click > .
Synchronization starts immediately and the status shows in the window. The synchronization operation can take many minutes to complete.
Multi-Domain Server ICA Database Synchronization
When you create a new secondary Multi-Domain Server, the Internal Certificate Authority (ICA) on the Primary Multi-Domain Server generates a certificate when you establish SIC