This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Ionut_Ba
Explorer
‎2024-02-05 07:47 AM

vSEC Controller enforce Datacenter Objects on more gateways

Hello Checkmates,


In our DC we have a VSX cluster with 95 VS running on it, we also deployed an on-prem Cloudguard that should filter the ACI traffic. At the moment 19 gateways enforce the Datacenter Objects when running the command "cpstat vsec"

 

vSEC Controller Status: on
Number of disconnected Data Centers: 0
Number of Data Centers: 2
Number of imported Data Center objects: 461
Number of gateways enforcing Data Center objects: 19

 


Also, in the " CloudGuard Controller Service Manager Menu" (vsec_controller_cli) there are only 85 VS gateways out of 95 listed

We are using Datacenter Object for all the tenants and i don't know how i can enforce the datacenter objects on more VS or what is the issue that the Datacenter Objects are enforced on only 19 GW.

The 2nd topic would be how i can add all 95 or more gateways to the " CloudGuard Controller Service Manager Menu" list

I have opened a TAC case for this issue but there is no real progress with it, only trial-and-error solutions.

Thank you for your support!

 

0 Kudos
2 Replies
tomlev
Employee
Employee
‎2024-02-05 09:03 AM

What version and JHF take is your management? In the 'cpstat vsec' output there should be a table with the GWs. Could it be that it shows only the physical clusters and not the virtual ones?

As for the cli, I'd install policy on one of the missing again, to make sure it is not the issue.
Are there any errors in $MDS_FWIDR/log/cpm.elg or $MDS_FWIDR/log/cloud_proxy.elg?

Daniel_Ionut_Ba
Explorer
‎2024-02-07 03:01 AM
In response to tomlev

Hello Tomlev, 

Thank you for your reply. 

In the "cpstat vsec" table there are 2 clusters and 17 VS

Also some VS are not listed in the "vsec_controller_cli" list 12  of them are missing, Now i am not sure why i have only 85 objects in the list, is this a limitation, should i change a kernel parameter?

There are some error losgs in the $MDS_FWDIR/log/cpm.elg should i look for something specific ?

The SMS is running Gaia R81.10 JHFT 110

Thank you!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events