topic Re: MDS R81.20 on KVM, fresh install broken. in Firewall and Security Management

MDS R81.20 on KVM, fresh install broken.

LukeDRussell1 — Thu, 03 Oct 2024 08:20:16 GMT

Hello,

I'm unable to get an MDS install working using this qcow2 image. I've been using this image for Gateway and SMS for a couple of months in my lab, everything seems to work fine. With MDS, the first symptom I noticed is I can't connect with Smart Console. SSH and Web to Gaia work fine though.

When I tried to run `api status` I would get an error about the missing file /opt/CPsuite-R81.20/fw1/conf/cpmServerSettings.props. I copied this from an SMS server to get past that error.

I also tried updating with the latest Take, but the Gaia web gui errors and suggests running `cpstop` but that doesn't work on an MDS server.
I've tried about 5 times with a fresh VM, now I'm tearing my hair out.

Some probably relevant outputs that might help:

[Expert@cp-mds:0]# mdsstart Starting cpWatchDog Starting CPM Server ... [1] 8715 CPM Server is running. Start Search Infrastructure... index mode was set to true startsearch: dbsync does not run on Multi-Domain Security Management cpwd_admin: Process SOLR started successfully (pid=9230) Starting RFL ... cpwd_admin: Process RFL started successfully (pid=9262) Starting SmartView ... Starting SmartView... cpwd_admin: Process SMARTVIEW started successfully (pid=9311) Start Log Indexer... cpwd_admin: Process INDEXER started successfully (pid=9594) Start SmartLog Server... cpwd_admin: Process SMARTLOG_SERVER started successfully (pid=9806) No need to run Adjuster Service - no clients were found Starting Log Indexer... [1] + Done /opt/CPsuite-R81.20/fw1/scripts/ngm_start.sh /opt/CPmds-R81.20/customers: No such file or directory.

[Expert@cp-mds:0]# api status API Settings: --------------------- Accessibility: Unknown Automatic Start: Unknown Processes: Name State PID More Information ------------------------------------------------- API Stopped 0 CPM Stopped 0 FWM Stopped 0 APACHE Started 8507 Port Details: ------------------- JETTY Internal Port: 0 JETTY Documentation Internal Port: 0 APACHE Gaia Port: 443 Profile: ------------------- Machine profile: Medium env resources profile CPM heap size: 1280m Apache port retrieved from: httpd-ssl.conf -------------------------------------------- Overall API Status: The API Server Is Not Running! -------------------------------------------- API readiness test FAILED. The server is down and unable to receive connections! Notes: ------------ To collect troubleshooting data, please run 'api status -s <comment>'

Re: MDS R81.20 on KVM, fresh install broken.

PhoneBoy — Thu, 03 Oct 2024 13:27:18 GMT

I suspect these qcow images are not set up to run MDS, which has different requirements than a regular SMS (more disk/RAM, NIC configuration).
What are the specs on the VM you’re attempting to deploy this on? (RAM/CPUs/Disk/NICs)

Re: MDS R81.20 on KVM, fresh install broken.

LukeDRussell1 — Thu, 03 Oct 2024 21:13:54 GMT

It will be easy enough for me to give it more resources. I can't remember where I found the requirements, but I'm currently running 4vCPU, 6 GB, virtio NICs. I'm not sure how big the disks were. One attempt I set the data disk to 100 GB manually.

I'd be happy to take a suggestion on sizing.

Re: MDS R81.20 on KVM, fresh install broken.

the_rock — Thu, 03 Oct 2024 21:51:08 GMT

To me, that does not look like the right image for eve-ng. Did you follow below link to make sure naming is right? I know for mds, you would use same image as you were installing regular mgmt. I tested that before in eve-ng, no issues.

Andy

https://www.eve-ng.net/index.php/documentation/qemu-image-namings/

Re: MDS R81.20 on KVM, fresh install broken.

LukeDRussell1 — Thu, 03 Oct 2024 22:10:46 GMT

I'm not using eve-ng.

Re: MDS R81.20 on KVM, fresh install broken.

PhoneBoy — Thu, 03 Oct 2024 22:13:06 GMT

That's barely enough to run a gateway.
MDS needs a lot more resources (at least 32GB RAM, 8 Cores).
Refer to the requirements here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RN/Content/Topics-RN/Open-Server-Hardware-Requirements.htm?TocPath=Open%20Server%20Hardware%20Requirements%7C_____0#Open_Server_Hardware_Requirements

Re: MDS R81.20 on KVM, fresh install broken.

LukeDRussell1 — Thu, 03 Oct 2024 22:16:57 GMT

I increased the specs in line with the Open Server minimums for MDS (8c, 32GB, 150 GB disk) and it works immediately!

Thanks @PhoneBoy

Re: MDS R81.20 on KVM, fresh install broken.

the_rock — Fri, 04 Oct 2024 00:13:18 GMT

Sorry my bad for assuming so. Glad you got it working.

Andy

Re: MDS R81.20 on KVM, fresh install broken.

LukeDRussell1 — Fri, 04 Oct 2024 03:19:19 GMT

I'm using Cisco Modelling Labs, which is built on top of KVM.

I also contributed some configs to CML-Community repo in case anyone else wants to run it. I'll add notes in that about increasing the resources for MDS.