This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JozkoMrkvicka
Authority
Authority
‎2020-06-28 06:29 AM
Jump to solution

LOM on newest Smart-1 appliances

Hello,

Why newest Smart-1 appliances don't have LOM available, despite the fact there is LOM interface on the appliance ?

For example Smart-1 625 appliance:

image.png

What does it mean "For future use - currently not supported" ? Can we expect this will be allowed by some newest Take, or new version ?

LOM was available for almost all older Smart-1 appliances (25, 25B, 50, 150, 225, 3050, 3150).

LOM port is available on following Smart-1 appliances, but is not working at all:
Smart-1 525
Smart-1 5050
Smart-1 5150
Smart-1 625

Kind regards,
Jozko Mrkvicka
0 Kudos
1 Solution

Accepted Solutions
Dolev
Employee
Employee
‎2020-09-12 09:55 AM
Jump to solution

Hi,

I am glad to say that enabling and updating iDRAC FW is now available, more info in sk122914, relevant documentation will be modified as well.

Regards,

Dolev

View solution in original post

14 Replies
PhoneBoy
Admin
Admin
‎2020-07-03 03:59 PM
Jump to solution

Check Point is in the process of integrating the LOM (iDRAC) with GAIA in order to provide more secured and robust operations.
As to when this will be formally supported, I can't say for sure.
I would check with your local Check Point office.
Joshua_Meetze
Explorer
‎2020-07-30 06:44 AM
In response to PhoneBoy
Jump to solution

Yeah, we have the same issue on our Smart-1 5050 appliances.  Would make me feel a lot better doing a fresh install on my appliances if LOM was working.  Hopefully Checkpoint will have this feature working in the near future.

0 Kudos
genisis__
Mentor Mentor
Mentor
‎2021-07-20 01:40 AM
In response to Joshua_Meetze
Jump to solution

We have a pair of 5050 appliances, running R80.40 (clean build via USB), and iDRAC works for me (iDRAC firmware updated to 4.40.10.00 (Note: latest release is 5.x.x.x))

Virtual console all works fine as well.

0 Kudos
Joshua_Meetze
Explorer
‎2020-07-30 06:46 AM
In response to PhoneBoy
Jump to solution

We have an HA pair of Smart-1 5050 appliances and have been waiting for LOM feature to be enabled since we purchased them.  To me, the LOM is more important on the management appliances that my gateways.  Especially when doing a fresh install.  Hopefully Checkpoint will have this working in the near future.

0 Kudos
Danny
Champion Champion
Champion
‎2020-09-01 11:19 PM
Jump to solution

Check Point has just removed the LOM checkmark for Smart-1 625 appliances from their Smart-1 Datasheet. I wonder why they didn't remove the checkmark for their other Smart-1 appliances as well as these neither have LOM support (see Known Limitations).

Check Point's newest Smart-1 appliances are DELL Open Servers as mentioned by Check Point. I guess this is why all LOM commands built into the Gaia clish are not working > these are built to run with Check Point LOMs only. iDRAC support is decribed here. On Smart-1 appliances LOM is called iDRAC (integrated DELL Remote Access Controller). Luckily you can still use ipmitool in expert mode to talk to the LOM and check that fans, temperature, voltage and everything is ok. I created a SmartConsole Extension - LOM Info to make LOM checks within SmartConsole really easy. 😊

_Val_
Admin
Admin
‎2020-09-02 12:42 AM
Jump to solution

@JozkoMrkvicka & @Danny 

AFAIK, there are certain concerns with iDRAC implementation on these servers. Although there are plans to support iDRAC in the future, we are still working on addressing those concerns from our side. LOM support will eventually come, when we are confident that all issues are addressed and do not present security and/or stability risks. However, the process does not only reside in Check Point, other parties are involved. 

If you have a strong case of necessity to use LOM for your SMART-1, you can address this with your local Check Point office.

0 Kudos
Sven_Glock
Advisor
‎2020-09-08 07:15 AM
In response to _Val_
Jump to solution

I  had  the same issue here. 
When escalating this with your local Check Point team someone from R&D will enable LOM for usage,
but this will happen with a disclaimer. You are responsible for all potential risks coming with activation.

0 Kudos
Dolev
Employee
Employee
‎2020-09-12 09:55 AM
Jump to solution

Hi,

I am glad to say that enabling and updating iDRAC FW is now available, more info in sk122914, relevant documentation will be modified as well.

Regards,

Dolev

JozkoMrkvicka
Authority
Authority
‎2020-09-13 11:55 PM
In response to Dolev
Jump to solution

Hi Dolev,

Thank you for great info.

Did I get it correct, that current LOM (iDRAC) solution for Smart-1 appliances is kind of "iDRAC/LOM EA" ? I am reffering to the EULA disclaimer while setting User.

In R80.30, for Smart-1 5050/5150, we need to install JHF Take 217. I didnt find anything related to LOM/iDRAC for Take 217 within Resolved issues.

Can we expect that firmware upgrade of iDRAC will be part of future R80.x Jumbo ?

When is plan to release "official" support with all the features (without security risks) ?

Thank you.

Kind regards,
Jozko Mrkvicka
0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-14 06:41 AM
In response to JozkoMrkvicka
Jump to solution

The code for iDRAC has been there for some time but not publicized, thus the comment about the relevant documentation needing to be updated.

0 Kudos
Svendsen
Participant
‎2020-11-22 11:10 PM
In response to Dolev
Jump to solution

Just to let you know, there is no explanation on how to upload the firmware.

0 Kudos
Dolev
Employee
Employee
‎2020-11-22 11:14 PM
In response to Svendsen
Jump to solution

Hi,

The update is done using CPUSE packages, there is a line in the SK with reference to relevant SK.

"For instructions on how to download the relevant CPUSE package, refer to sk92449 - Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent"

 

Regards,

Dolev

0 Kudos
genisis__
Mentor Mentor
Mentor
‎2020-12-02 07:13 AM
In response to Dolev
Jump to solution

Is there a way to create a admin user?  the SetiDRACUser command seems to only create an operator account, which does not allow the option System Setting > System Update.

I don't have access to the host system yet so cannot copy files to the host and then use cpuse command.

 

0 Kudos
Dolev
Employee
Employee
‎2020-12-03 12:30 AM
In response to genisis__
Jump to solution

Hi,

We are only allowing an operator user; as mentioned in known limitations under  sk122914 :"Access to iDRAC is available only with restricted operator user"

Regards,

Dolev

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top