This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
knassif
Participant
‎2026-01-30 05:55 PM
Jump to solution

VSX gateway decom

what is the correct way of deleting and decommissioning a VSX gateway, when we deleted the VSX from Smartconsole, when you try to add the VLAN again to another VSX it says it is already allocated and does not let you. rebooting the gateway fixes the issue, is there a step I am missing when decommissioning/deleting the VSX that it is not cleaning it up properly?

thanks

0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Authority
Authority
‎2026-01-31 03:29 AM
Jump to solution

1. Perform backup/snapshot of management where VSX is managed from (in case you need to revert decommissioned VSX).

1a (optional). Save all configs from all VSs for further processing (like audit).

2. Delete all VSs from SmartConsole

3. Delete VSW (Virtual Switch) and/or VSR (Virtual Router) from SmartConsole

4. Delete complete VSX gateway/cluster (VS0) from SmartConsole

5. Grace period of 1 month in case something was not planned to be deleted

6. Perform factory default reset over CLI on VSX gateway/cluster

7. perform cleanup of all rules, objects, domains, rulebases where VSX related things were used

Kind regards,
Jozko Mrkvicka

View solution in original post

9 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-01-30 06:32 PM
Jump to solution

Im no VSX expert by any means, but I recall from while back, one way to do this was via vsx provision tool or reset_gw locally. Ultimately, I would make sure to remove any reference from Guidbedit as well.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
WiliRGasparetto
MVP Diamond
MVP Diamond
‎2026-01-30 06:54 PM
Jump to solution

Deleting a VSX Gateway

When you delete a VSX Gateway object, the operation automatically deletes all Virtual
Systems and other Virtual Devices associated with that VSX Gateway from the management
database.

To delete a VSX Gateway:
1. From the Gateways & Servers view or Object Explorer tree, right-click the VSX Gateway
object on the Object Tree and select Delete.

2. In the window that opens, click Yes.
Backing up and Restoring VSX Gateway

In the event of a catastrophic VSX Gateway failure, you can restore the VSX Gateway
configuration and its Virtual Device configuration.

Follow the instructions in the sk100395: How to backup and restore VSX Gateway.

https://support.checkpoint.com/results/sk/sk100395

the_rock
MVP Diamond
MVP Diamond
‎2026-01-30 07:06 PM
In response to WiliRGasparetto
Jump to solution

Good points @WiliRGasparetto 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
WiliRGasparetto
MVP Diamond
MVP Diamond
‎2026-01-30 07:05 PM
Jump to solution

Afterwards, let me know if it was helpful. If you need any more help, just tell me.

JozkoMrkvicka
Authority
Authority
‎2026-01-31 03:29 AM
Jump to solution

1. Perform backup/snapshot of management where VSX is managed from (in case you need to revert decommissioned VSX).

1a (optional). Save all configs from all VSs for further processing (like audit).

2. Delete all VSs from SmartConsole

3. Delete VSW (Virtual Switch) and/or VSR (Virtual Router) from SmartConsole

4. Delete complete VSX gateway/cluster (VS0) from SmartConsole

5. Grace period of 1 month in case something was not planned to be deleted

6. Perform factory default reset over CLI on VSX gateway/cluster

7. perform cleanup of all rules, objects, domains, rulebases where VSX related things were used

Kind regards,
Jozko Mrkvicka
knassif
Participant
‎2026-01-31 08:13 AM
In response to JozkoMrkvicka
Jump to solution

it is one VSX that we need to clean up not all VS's associated to that cluster, anything needs to be done from CLI so that the VLANs dont give the error of being allocated still? do we need to install database form smartconsole?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-31 08:18 AM
In response to knassif
Jump to solution

I would do that, for sure. It would just refresh mgmt database, so would not break anything. Still, as I mentioned in my previous post, worth verifying guidbedit as well.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2026-02-01 02:08 PM
In response to knassif
Jump to solution

If one particular virtual system (VS) is needed to be removed from existing VSX gateway/cluster, there is just a good idea to save all configuration from CLI (set virtual-system XY, save configuration filename.txt). Deletion just one of many VSs must be done only over SmartConsole (right click -> Delete).

Kind regards,
Jozko Mrkvicka
(1)
the_rock
MVP Diamond
MVP Diamond
‎2026-02-01 02:45 PM
In response to JozkoMrkvicka
Jump to solution

Makes sense. @knassif , I strongly suggest do backup and/or snapshot as well before doing any of this.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events