Cannot assign global policy after running cma_migrate
- Cannot assign global policy on Domains Servers hosted by Secondary Multi-Domain Server after running cma_migrate on the Primary Multi-Domain Server
When performing cma_migrate there are not any audit logs. As a result, when the IPS domain is updated with a new IPS version, it is not updated in other machines.
This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
Also the following workaround is available: Perform full sync on the Global Domain.
To avoid this and other potential failures, it's highly recommended to stop the Mult-Domain Server processes during the cma_migrate in following way:
- Run mdsstop
- Run mdsstart -m
- Run the cma_migrate for the newly created Domain
- Run mdsstart
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.