This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bluecross
Explorer
yesterday

Lab: R82.10 ElasticXL & VSNext problems in VMware

Hello,

I'm trying to setup a R82 lab with ElasticXL and VSNext in VMware.
Having read these posts: https://community.checkpoint.com/t5/Firewall-and-Security-Management/R82-ElasticXL-amp-VSNext-Issues... and https://community.checkpoint.com/t5/Firewall-and-Security-Management/Building-VSNext-in-R82-walk-thr... I supposed that VSNext is possible in virtualization, but I'm still failing.
Setting up ElasticXL-Cluster didn't throw up any problems, but when setting it up as VSNext, there's no communication possible between SMS and gateway.
Can anybody confirm, that it is possible to run VSNext under virtualization? Both posts mention proxmox for the lab, also VMware (vSphere/ESXi) should be possible too.
When I configure the gateway for VSNext in the FTW, I can't connect to the management IP of the system after reboot. vNIC is in the same vlan (portgroup). I assume that the creation of the "wrp0" interface is the cause of the problem, as it uses a new virtual mac which is mapped to the (correct) mgmt/eth0 interface. Promiscuous mode is enabled for the portgroups of the dSwitch too...

Thanks for your help!

0 Kudos
3 Replies
Lesley
MVP Gold
MVP Gold
yesterday

Support has changed from R82 to R82.10 check it out here:

https://sc1.checkpoint.com/documents/R82.10/WebAdminGuides/EN/CP_R82.10_RN/Content/Topics-RN/Support...

 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
yesterday

It's supported and should work, I've done it in VMWare workstation without issue. Can you ping out from VS0?

0 Kudos
bluecross
Explorer
yesterday
In response to emmap

@emmap wrote:

Can you ping out from VS0?

No, seems like an isolated host. Can not ping second gateway in same network (and it's the same dSwitch on the same esxi host), nor the SMS or a client in this network.
Same is true for the sync-network, both VMs use 192.0.2.1, not resulting in conflict.

I can see the mac addresses for the SMS an client VM on both nodes via wrp0 but not the other gateway (incomplete).

Situation on the sync-network is a little bit different: Moving the client vm to the sync-network with an ip from this network I can reach 192.0.2.1 (tested with both gateways)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events