
Demand for VSX support in SmartConsole Extensions?

Do you have demand for VSX support in SmartConsole Extensions?

Check Point's SmartConsole has several limitations when working with VSX objects.
Example: Running One-time scripts on VS systems is not supported:

You can run One-time scripts on the VSX object but not on a VS in its specific VS environment. That's because cprid_util doesn't support connecting to a VS directly; it requires connecting to the VSX.

This SmartConsole limitation also makes it much harder to implement VSX/VS support in SmartConsole Extensions for which I'm receiving requests every now and then. It's not impossible, just a challenge. I'd be willing to take up the challenge if there is enough demand for VSX support in this community. Please respond if you'd like to have VSX support added.

The challenge for me to overcome the various limitations:

  1. Identify if a VS object type has been selected [easy]
  2. Find the main IP of the VSX object managing the selected VS object [tough]
  3. Identify the primary security management (easy, doesn't work in Smart-1 Cloud!)
  4. Connect to VSX via cprid_util utilizing the run-script command on the management [easy]
  5. Change the VS environment via script workaround [medium]
  6. Run the desired commands

Regards, Danny

9 Replies
Contributor

Hey Danny,

You already know that I would like this - I am just chiming in 🙂

The better solution would of course be that Check Point fixed the backend so this would be possible.

But knowing the release schedule of Check Point I would like even a 'hacked' solution.

regards,

Henrik


I definitely want to see VSX Support. We are transitioning from Cisco context and FG VDOMs to VSX and I'd like to have this level of visibility.

Contributor

Would be great to see and use SmartConsole Extensions in VSX environment! 🙂 

Advisor

We have not really looked at SmartConsole extensions yet, but all our main clusters are VSX based, so when we get there, VSX support is definitely wanted. 🙂

Champion

Danny,

What really would be nice to see from the SmartConsole is the actual and max used connections for each VS; that will give you the opportunity to easily check and see if a raise of max connections is required.

Regards, Maarten
Contributor

Hey Maarten,

I think this is something you want to monitor with SNMP 🙂

vsxCountersTable  - .1.3.6.1.4.1.2620.1.16.23.1

/Henrik

Hi @Danny ,

I vote for YES.

Regarding your tough point (2. Find the main IP of the VSX object in charge for the selected VS object). I would go via the dbedit utility, which still works (even in R80.40).

To find all VS objects within ALL CMAs, which will give you the following output:
Name of VS
IP Address of VS
Domain name (NOT CMA NAME) of "parent" VSX cluster

# Loop over every CMA on the MDS and list its VS objects
for CMA in $($MDSVERUTIL AllCMAs)
do
    # Switch the shell environment to this CMA before querying it
    mdsenv "$CMA"
    $MDSDIR/bin/cpmiquerybin attr "" network_objects "class='vs_cluster_netobj'" -a __name__,ipaddr,main_customer | sed 's/MISSING_ATTR//g'
done


Once you have the main "parent" Domain name that the VSX object is part of, check which CMAs are part of it (via API), then go inside the active domain and check the main IP of the VSX:

# Query the VSX cluster object in the active CMA of the parent domain
mdsenv "$ACTIVE_CMA_OF_VSX_CLUSTER"
$MDSDIR/bin/cpmiquerybin attr "" network_objects "class='vsx_cluster_netobj'" -a __name__,ipaddr | sed 's/MISSING_ATTR//g'


Once you have the IP, you can use cprid_util inside the CMA to directly connect to that IP and perform whatever you want 🙂

You can also check the members of the VSX cluster (class='vsx_cluster_member').

Not sure if this can be used for Extensions purposes, but these are the steps I would use to check the main VSX IP of the selected VS using Bash.

Hope it will help somehow 🙂

Kind regards,
Jozko Mrkvicka

Or one more way.
You can check the exact main IP of the VSX members, including the names of the VSX members, using the following command:

# List each VSX member's per-VS object together with its management IP
mdsenv "$CMA_OF_VS"
$MDSDIR/bin/cpmiquerybin attr "" network_objects "class='vs_cluster_member'" -a __name__,mgmt_ip | sed 's/MISSING_ATTR//g'

The name is in the following format:
nameOfVSXmember1_VSname
nameOfVSXmember2_VSname
...
nameOfVSXmemberN_VSname

Kind regards,
Jozko Mrkvicka
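
Added example (not part of the post above and not Check Point code): a shell/awk filter that takes rows in the nameOfVSXmember_VSname format described above and returns the VSX members and management IPs for one selected VS. It assumes tab-separated name and mgmt_ip columns and a space-separated list of all VS names (for instance the __name__ column of the vs_cluster_netobj query earlier in the thread); sample_rows and members_for_vs are hypothetical names and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed input: one row per line,
# tab-separated "<member>_<VSname>\t<mgmt_ip>" (column layout is an assumption).

# Constructed sample rows; names and addresses are made up.
sample_rows() {
    printf '%s\t%s\n' \
        'vsx_gw1_VS_DMZ'     '192.0.2.11' \
        'vsx_gw2_VS_DMZ'     '192.0.2.12' \
        'vsx_gw1_VS_LAN'     '192.0.2.11' \
        'vsx_gw2_VS_LAN'     '' \
        'vsx_gw1_OLD_VS_DMZ' '192.0.2.11'
}

# members_for_vs VS_NAME "ALL VS NAMES"  (rows on stdin)
# Prints "<VSX member>\t<mgmt_ip>" for each member hosting VS_NAME.
members_for_vs() {
    awk -F '\t' -v vs="$1" -v all="$2" '
    function ends_with(str, suf) {
        return length(str) > length(suf) &&
               substr(str, length(str) - length(suf) + 1) == suf
    }
    BEGIN { n = split(all, known, " ") }
    {
        if (!ends_with($1, "_" vs)) next
        # "gw_OLD_VS_DMZ" also ends in "_VS_DMZ": when a longer known VS
        # name fits the suffix, the row belongs to that VS instead.
        for (i = 1; i <= n; i++)
            if (length(known[i]) > length(vs) && ends_with($1, "_" known[i]))
                next
        # sed stripping MISSING_ATTR leaves an empty column: skip the row
        # rather than hand an empty address to a later connect step.
        if ($2 == "") next
        print substr($1, 1, length($1) - length(vs) - 1) "\t" $2
    }'
}

sample_rows | members_for_vs VS_DMZ 'VS_DMZ VS_LAN OLD_VS_DMZ'
```

Matching on the bare suffix alone would attribute the OLD_VS_DMZ row to VS_DMZ and run commands against the wrong virtual system, which is why the full list of VS names is passed in.
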
Champion

Hi @JozkoMrkvicka ,

thanks for your support. mdsenv is an MDS command while VSX can also be used in standard SmartCenter environments.

I need a solution that works entirely within mgmt_cli. Multiple mgmt_cli commands are possible.

I have a special SmartConsole Extension that shows the context for a selected object: https://dannyjung.de/smx.json
From the available information of this context I need to issue mgmt_cli commands to identify the relevant VSX server.

Now you see why it's so tough.
