https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199160#M4437 <P>Hello,</P> <P>I am trying to upgrade Cloudguard Network Security gateways and we aer running "GWLB security VPC for Transit GW" setup.</P> <P>&nbsp;</P> <P>I am following documentation (<A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Content/Topics-AWS-GWLB-ASG-DG/Additional-Information.htm?TocPath=Additional%20Information%7CUpdating%20the%20Auto%20Scaling%20Group%7C_____0#Updating_the_Auto_Scaling_Group" target="_self">CGNS for GWLB</A>&nbsp;) for updating launch templates with new AMI image. So I picked up&nbsp;<SPAN>R81.10-335.1383, finish the config and tried to spin up an EC2, however CME is stuck with message:</SPAN></P> <P><SPAN>ERROR Failed to initialize SIC with gateway instance GW-NAME - SIC port is closed. Refer to the Troubleshooting section in the CME Administration Guide.</SPAN></P> <P>&nbsp;</P> <P>I try to login to see the state of recently provisioned gateway and I get this message:</P> <P><EM>login as: admin</EM><BR /><EM>Your cloud-init configuration is corrupt or contains error:</EM><BR /><EM>Provided YAML file contains one or more errors:</EM><BR /><EM>Error in function _validate_parameters:</EM><BR /><EM>The parameter 'sim_geneve_enabled' doesn't supported for simkern.</EM></P> <P><EM>In order to configure your system, please access the Web UI and finish the First Time Wizard.</EM></P> <P>&nbsp;</P> <P>Here are the relevant lines from "user data" and I verified they are exactly the same as in old launch template so I don't know why this fails. Did something changed with these parameters starting from R81.10?</P> <PRE><CODE>kernel_parameters:<BR />&nbsp;&nbsp;sim:<BR />&nbsp;&nbsp;&nbsp;&nbsp;- sim_geneve_enabled=1<BR />&nbsp;&nbsp;&nbsp;&nbsp;- sim_geneve_br_dev=br0</CODE></PRE> <P>&nbsp;</P> Tue, 28 Nov 2023 14:36:33 GMT abihsot__ 2023-11-28T14:36:33Z https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199160#M4437 <P>Hello,</P> <P>I am trying to upgrade Cloudguard Network Security gateways and we aer running "GWLB security VPC for Transit GW" setup.</P> <P>&nbsp;</P> <P>I am following documentation (<A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Content/Topics-AWS-GWLB-ASG-DG/Additional-Information.htm?TocPath=Additional%20Information%7CUpdating%20the%20Auto%20Scaling%20Group%7C_____0#Updating_the_Auto_Scaling_Group" target="_self">CGNS for GWLB</A>&nbsp;) for updating launch templates with new AMI image. So I picked up&nbsp;<SPAN>R81.10-335.1383, finish the config and tried to spin up an EC2, however CME is stuck with message:</SPAN></P> <P><SPAN>ERROR Failed to initialize SIC with gateway instance GW-NAME - SIC port is closed. Refer to the Troubleshooting section in the CME Administration Guide.</SPAN></P> <P>&nbsp;</P> <P>I try to login to see the state of recently provisioned gateway and I get this message:</P> <P><EM>login as: admin</EM><BR /><EM>Your cloud-init configuration is corrupt or contains error:</EM><BR /><EM>Provided YAML file contains one or more errors:</EM><BR /><EM>Error in function _validate_parameters:</EM><BR /><EM>The parameter 'sim_geneve_enabled' doesn't supported for simkern.</EM></P> <P><EM>In order to configure your system, please access the Web UI and finish the First Time Wizard.</EM></P> <P>&nbsp;</P> <P>Here are the relevant lines from "user data" and I verified they are exactly the same as in old launch template so I don't know why this fails. Did something changed with these parameters starting from R81.10?</P> <PRE><CODE>kernel_parameters:<BR />&nbsp;&nbsp;sim:<BR />&nbsp;&nbsp;&nbsp;&nbsp;- sim_geneve_enabled=1<BR />&nbsp;&nbsp;&nbsp;&nbsp;- sim_geneve_br_dev=br0</CODE></PRE> <P>&nbsp;</P> Tue, 28 Nov 2023 14:36:33 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199160#M4437 abihsot__ 2023-11-28T14:36:33Z https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199162#M4438 <P>CloudGuard Network Security for AWS Gateway Load Balancer only supports R80.40 and R81.20. Upgrading to R81.10 is not possible due to lack of GENEVE support.</P> <P><A href="https://support.checkpoint.com/results/sk/sk174447" target="_blank">https://support.checkpoint.com/results/sk/sk174447</A></P> <P>&nbsp;</P> Tue, 28 Nov 2023 14:54:09 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199162#M4438 samirshah1 2023-11-28T14:54:09Z https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199164#M4439 <P>Oh, that explains. Thanks for a quick reply!</P> Tue, 28 Nov 2023 14:59:14 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Upgrading-Cloudguard-gateways-fails-for-GWLB-setup/m-p/199164#M4439 abihsot__ 2023-11-28T14:59:14Z