This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Doeschi
Contributor
‎2023-01-25 05:35 AM
Jump to solution

R81.20 Gateways with CME not supported?

Hi all,

we tried to deploy some new R81.20 gateways in a GWLB setup and failed with the CME setup. We've got the following setup:

Version of the MDS Server:

CheckPoint R81.10 JHF 66

autoprov_cfg -v
CME Version: Build: 991592204 Take: 222

parts of: autoprov_cfg show all
controllers:
"aws_island":
access-key: xxxxxxxxxxxxxxxxxxxxxxx
class: AWS
regions:
- eu-central-1
- eu-south-1
secret-key: "__protected__autoprovision/controllers/xxxxxxxxxxxxxxxxxx/secret-key"
sync:
gateway: true
templates:
- "aws_island_R8040"
- "aws_island_R8120"

templates:
"aws_island_R8120":
application-control: true
health-check-ip-range: "10.123.0.0,10.123.255.255"
identity-awareness: true
ips: true
one-time-password: "__protected__autoprovision/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/one-time-password"
policy: "AWS_Integration"
send-alerts-to-server: fwlogxxxxxxxxxxxx
send-logs-to-server: fwlogxxxxxxxxxxxxxx
url-filtering: true
version: "R81.20"

----------------------------

cme.log shows:

2023-01-24 15:30:56,437 CME_SERVICE INFO aws_island--i-000bbdec1f6babbd2--eu-central-1 state is changed to: ADDING
2023-01-24 15:30:56,469 CME_SERVICE ERROR Failed to provision the Security Gateway instance aws_island--i-000bbdec1f6babbd2--eu-central-1.
Error details: Management API failure (add-simple-gateway)..
2023-01-24 15:30:56,480 CME_SERVICE ERROR Error traceback: Traceback (most recent call last):
File "/opt/CPcme/service/cme_service.py", line 536, in sync
instance, gw, auto_hf)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1755, in set_gateway
args = self.establish_gateway(instance, gw)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 198, in establish_gateway
simple_gateway=simple_gateway)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 244, in configure_gateway_metadata
remove_if_ip_exists_in_cpm=True)
File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 286, in add_gateway_to_cpm
self.management(CPMCommand.ADD_SIMPLE_GATEWAY, gw)
File "/opt/CPcme/cp_handlers/mgmt_handler.py", line 177, in __call__
silent=silent)
File "/opt/CPcme/cp_handlers/mgmt_api_handler.py", line 126, in __call__
CMEExceptionCodes.MGMT_API, command=command)
cme_exceptions.cme_exceptions.ManagementApiException: Error Code: Management API error

API call failed with command: add-simple-gateway
Payload: {'name': 'aws_island--i-000bbdec1f6babbd2--eu-central-1', 'ip-address': '10.123.242.12', 'interfaces': [{'name': 'eth0', 'ipv4-address': '10.123.242.12', 'ipv4-mask-length': 28, 'anti-spoofing': False, 'topology': 'internal'}],
*****, 'version': 'R81.20', 'comments': '{tags=managed-virtual-gateway}'}
Error details: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [version]. The invalid value [R81.20] should be replaced by one of the following values: [R75.40 and above]'}

While R81.10 seems to work as version string, R81.20 does not ;-). Any ideas?

0 Kudos
3 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events