0 Replies Latest reply on Feb 20, 2018 2:14 AM by joshwright10

    NCM Policy or Compliance for Clustered Devices

    joshwright10

      Does anyone know if it is possible to use NCM to ensure that two devices, which operate as a cluster can be validated using NCM to ensure that most of their configuration matches.

       

      My specific example is with Check Point Firewalls. We use the firewalls in a clustered pair, however changes must be made on each individual cluster member, as no config syc is possible.

      We have recently learnt that people have not replicated changes from the Primary to the Backup device, which causes failover issues.

       

      We would like to be able to validate that sections of the configs are in sync, such as BGP peers, Static routes, NTP, RADIUS and other common settings, but then still allow unique things like Interface addresses to vary.

       

      All I can think of is to create a Policy for each pair and then keep this continually updated, which sounds unlikely.