CME can't scan for MIG gateway instances on GCP

Fednot — Mon, 23 May 2022 20:31:21 GMT

Hello,

I'm a newcomer to CME with GCP and I run into an issue that my on-premises MGMT can't find the cloudguards in GCP.
gcp deployment is handled by terraform scripts and I think I miss a piece of the puzzle so both sides can work together.

in the cme log I get this error:

2022-05-23 16:58:59,083 CME_SERVICE INFO ********** Starting loop iteration number 523 for gateway instances *******
***
2022-05-23 16:59:00,783 CME_SERVICE INFO There are no gateways known by the management at the beginning of the iteration
2022-05-23 16:59:01,194 CME_SERVICE ERROR Error during synchronization with Security Gateways.
Error details: Failed to scan for gateway instances in the cloud account xxxxxxxxxxxxxxxxxxx..
2022-05-23 16:59:01,200 CME_SERVICE ERROR Error traceback: Traceback (most recent call last):
File "/opt/CPcme/service/cme_service.py", line 433, in sync
filtered_instances = controller.filter_instances()
cloud_connectors.gcp.HTTPException: Unexpected HTTP code: 404

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/CPcme/service/cme_service.py", line 584, in loop
sync(c, management, gateways)
cme_exceptions.cme_exceptions.ControllerException: Error Code: Failed to scan for gateway instances

Failed to scan for gateway instances in the cloud account xxxxxxxxxxxxxxxxxxx.
2022-05-23 16:59:01,200 CME_SERVICE INFO
2022-05-23 16:59:01,485 CME_SERVICE INFO There are no gateways known by the management at the end of the iteration
2022-05-23 16:59:01,485 CME_SERVICE INFO ********** End of the iteration number 523 for gateway instances. Iteration time:
0:00:02.401860 **********

has anybody encountered this issue?

I followed these instructions to set it up:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_and_Configurations.htm?TocPath=CME%20Structure%20and%20Configurations%7C_____0

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_and_Above_CG_Autoscaling_Managed_Instance_Group_for_GCP/AdminGuide/Content/Topics-Google-Managed-Instance-Group/Configuring-GCP.htm#Deploying-the-Check-Point-Autoscaling-Managed-Instance-Group

https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/95584/FILE/CP_CloudGuard_Network_for_GCP_Autoscaling_Managed_Instance_Group_R80.30_and_Higher_AdminGuide.pdf

https://community.checkpoint.com/t5/Cloud-Network-Security/CloudGuard-GCP-auto-provisioning-error/m-p/85195#M531

Re: CME can't scan for MIG gateway instances on GCP

natanelm — Sun, 12 Jun 2022 16:34:05 GMT

Hi,

According to the logs you shared, it looks like a permission issue,
Please make sure you followed the Creating-GCP-Service-Account, and your service account has the right permissions.

If you are still facing the issue, please follow the below and open a ticket:

Collect CME Log Collector file as described in Cloud Management Extension R80.10 and Higher Administration Guide > Troubleshooting > CME Log Collector.
Contact Check Point support, and request to open a ticket that includes CME Log Collector file collected in the previous step.

Thanks,
Natanel

topic CME can't scan for MIG gateway instances on GCP in Cloud Firewall

CME can't scan for MIG gateway instances on GCP

Re: CME can't scan for MIG gateway instances on GCP