- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: R81.20 Gateways with CME not supported?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R81.20 Gateways with CME not supported?
Hi all,
we tried to deploy some new R81.20 gateways in a GWLB setup and failed with the CME setup. We've got the following setup:
Version of the MDS Server:
CheckPoint R81.10 JHF 66
autoprov_cfg -v
CME Version: Build: 991592204 Take: 222
parts of: autoprov_cfg show all
controllers:
"aws_island":
access-key: xxxxxxxxxxxxxxxxxxxxxxx
class: AWS
regions:
- eu-central-1
- eu-south-1
secret-key: "__protected__autoprovision/controllers/xxxxxxxxxxxxxxxxxx/secret-key"
sync:
gateway: true
templates:
- "aws_island_R8040"
- "aws_island_R8120"
templates:
"aws_island_R8120":
application-control: true
health-check-ip-range: "10.123.0.0,10.123.255.255"
identity-awareness: true
ips: true
one-time-password: "__protected__autoprovision/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/one-time-password"
policy: "AWS_Integration"
send-alerts-to-server: fwlogxxxxxxxxxxxx
send-logs-to-server: fwlogxxxxxxxxxxxxxx
url-filtering: true
version: "R81.20"
----------------------------
cme.log shows:
2023-01-24 15:30:56,437 CME_SERVICE INFO aws_island--i-000bbdec1f6babbd2--eu-central-1 state is changed to: ADDING
2023-01-24 15:30:56,469 CME_SERVICE ERROR Failed to provision the Security Gateway instance aws_island--i-000bbdec1f6babbd2--eu-central-1.
Error details: Management API failure (add-simple-gateway)..
2023-01-24 15:30:56,480 CME_SERVICE ERROR Error traceback: Traceback (most recent call last):
File "/opt/CPcme/service/cme_service.py", line 536, in sync
instance, gw, auto_hf)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1755, in set_gateway
args = self.establish_gateway(instance, gw)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 198, in establish_gateway
simple_gateway=simple_gateway)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 244, in configure_gateway_metadata
remove_if_ip_exists_in_cpm=True)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 286, in add_gateway_to_cpm
self.management(CPMCommand.ADD_SIMPLE_GATEWAY, gw)
File "/opt/CPcme/cp_handlers/mgmt_handler.py", line 177, in __call__
silent=silent)
File "/opt/CPcme/cp_handlers/mgmt_api_handler.py", line 126, in __call__
CMEExceptionCodes.MGMT_API, command=command)
cme_exceptions.cme_exceptions.ManagementApiException: Error Code: Management API error
API call failed with command: add-simple-gateway
Payload: {'name': 'aws_island--i-000bbdec1f6babbd2--eu-central-1', 'ip-address': '10.123.242.12', 'interfaces': [{'name': 'eth0', 'ipv4-address': '10.123.242.12', 'ipv4-mask-length': 28, 'anti-spoofing': False, 'topology': 'internal'}],
*****, 'version': 'R81.20', 'comments': '{tags=managed-virtual-gateway}'}
Error details: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [version]. The invalid value [R81.20] should be replaced by one of the following values: [R75.40 and above]'}
While R81.10 seems to work as version string, R81.20 does not ;-). Any ideas?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Doeschi,
Please see Jumbo Hotfix Accumulator for R81.10.
JHF take 82 note: Added ability for R81.10 Security Management and Multi-Domain Security Management Server to manage R81.20 Security Gateways. It Requires R81.10 SmartConsole Build 412 (or higher).
You mentioned that your MDS version is R81.10 JHF 66, so you probably need to install JHF take 82 or higher.
Thanks,
Natanel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Doeschi,
Please see Jumbo Hotfix Accumulator for R81.10.
JHF take 82 note: Added ability for R81.10 Security Management and Multi-Domain Security Management Server to manage R81.20 Security Gateways. It Requires R81.10 SmartConsole Build 412 (or higher).
You mentioned that your MDS version is R81.10 JHF 66, so you probably need to install JHF take 82 or higher.
Thanks,
Natanel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, must have missed that... will give it a try, upgrading our mds isn't a small task tho 😅
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We started supporting CPUSE upgrade for MDS/MGMT in AWS.
Try with this:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...