Technical data

Managing VSX Clusters
Check Point VSX Administration Guide NGX R67 | 107
Changing the Internal Communication Network IP
You can change the internal communication network IP address by using the vsx_util change_private_net
("change_mgmt_private_net" on page 198) command.
Working with Cluster Members
This section presents procedures for adding and deleting cluster members, as well as for upgrading existing
cluster members to VSX.
Adding a New Member
Important - Verify that no other administrators are connected to the
management server before proceeding. The vsx_util command
cannot modify the management database if the database is locked
because other administrators are connected.
To add a new member to an existing cluster:
1. Close SmartDashboard and backup the management database.
2. Enter the Expert mode.
3. From the command prompt on the management server, enter the expert mode and run the vsx_util
add_member command. Perform the following steps prompted:
a) Enter the Security Management Security Management Server or main Domain Management Server
IP address.
b) Enter the administrator name and password.
c) Enter the name of the VSX cluster.
d) Enter the name of the new member.
e) Enter the member management interface IP address and net mask.
f) Enter the Sync interface IP address and net mask.
g) Enter any other interface IP addresses as may be required
4. Wait until the add member operation finished successfully message appears, indicating that the
database has been successfully updated and saved.
Note - In a Multi-Domain Security Management environment, this
operation will skip any Domain Management Servers locked by an
administrator. If this should occur, run the operation again for the
relevant Domain Management Servers once they become
available.
5. Open SmartDashboard and verify that an object representing the new member appears in the specified
cluster. Modify its configuration as required. Close SmartDashboard.
6. From the management server command prompt, Enter the Expert mode and run the vsx_util
add_member_reconf command. Enter the following information when prompted:
a) Security Gateway or main Domain Management Server IP address
b) Administrator name and password
c) New member name
d) SIC activation key for the new member
7. Wait until the Reconfigure module operation completed successfully summary notice appears.
Note - In a Multi-Domain Security Management environment, the
operation will skip any Domain Management Servers locked by an
administrator. If this should occur, run the operation again for the
relevant Domain Management Servers when they become
available.