This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
marcyn
Advisor
Advisor
2 weeks ago

Blink answers.xml and ElasticXL

Hello CheckMates,

I'm wondering if anyone tried to install Check Point Gateway with blink tool as a ElasticXL cluster ?

In a near future I will have a task to install something like 80+ gateways with almost identical configuration.
This is ideal scenario for orchestration with blink.

However I don't want to use ClusterXL anymore, but obviously a newer and in my opinion a way better ElasticXL.

For all of you who know blink, you know that there is answers.xml file which you should prepare upfront (and couple more files obviously).
In case of gateway in answers.xml file there is this section:

<role_configuration>
	<gateway>
		<activation_key>SIC password in b64</activation_key>
		<cluster>true</cluster>
	</gateway>
</role_configuration>

So in case of cluster ... we need to use here <cluster>true</cluster> .... but this days we have two options (besides legacy VRRP): ClusterXL and ElasticXL ... which we can choose using FTW.
How to do it with answers.xml and choose ElasticXL ? 🙂
I'm preety sure that with <cluster>true</cluster> it will be good and old friend ClusterXL.

I didn't find a newer version of answers.xml that includes R82's changes.
The https://support.checkpoint.com/results/sk/sk120193 was updated with R82 ... but I'm affraid that only in regards download links for R82 tgz blink image ... which is also not updated for some time, because it is still build 777 (which has CRL issue) ... and not 779.
Unfortunately section regarding answers.xml was not updated.

Does anybody know how to deal with this ?

--
Sincerely
m.

3 Replies
marcyn
Advisor
Advisor
2 weeks ago

Hello,

As until now there is no feedback maybe I'll give one.

1) how to do it with blink ... I don't know ... that's why I asked, it is also possible that right now it is simply not implemented yet
2) ... but we can always use "config_system" ... where we have for example "smo_config=true"

So even if blink will not be possible (is it ?) ... config_system is always possible.
But it will not be "one click solution" (as with blink) but a little bit more steps will be required, for example:
step 1) config_system
step 2) import gaia config file
step 3) update to chosen JHF
Nothing bad ... but with blink it will be just more simple and more automated 🙂

 

So ... in case anyone was wondering if some kind of orchestration is possible in case ElasticXL deployment ... of course it is.
But is it possible now with blink ... I don't know 🙂

--
m.

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
2 weeks ago

Yeah, there's not a documented way to set up a firewall as an ElasticXL cluster via Blink. Fortunately, you only need to build the first member, as all the others clone lv_current from an existing member when they join the cluster, so it's not like you use Blink with members 2+.

I would just build them with config_system, install the jumbo you want, then plug them in and have them adopt subsequent members.

0 Kudos
marcyn
Advisor
Advisor
2 weeks ago
In response to Bob_Zimmerman

Yup ... this is the only option that I'm aware at this point.
And I just mentioned this above.

Why blink ? because as I describet this above it will be ... one command where I will have 3 tasks (upgrade, ftw, Gaia config).
But ... config_system will also do the job ... a little bit more work, but not a lot more ... so OK 🙂

--
m.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 19 May 2026 @ 08:00 AM (EDT)

    Montreal: P’tits déj Cyber! | Cyber Breakfasts!
    In-Person

    Tue 02 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Aarhus
    In-Person

    Wed 03 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Copenhagen
    CheckMates Events