This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tonybagel
Explorer
‎2020-03-10 02:37 PM

Convert cluster from VSX to physical gateway

Hello,

I'm running a VSX cluster on R80.20 and I've created a couple virtual gateways and a virtual switch and applied policy to them.  I'd like to convert this over to a single physical gateway.  I seem to have found a way to do this in R77 by deleting the virtual devices, right clicking the the VSX cluster and selecting "Convert to gateway".  I haven't seen similar documentation for R80.20, is the process similar?

0 Kudos
1 Reply
Maarten_Sjouw
Champion
Champion
‎2020-03-10 10:48 PM

When you have a VSX cluster, you could simply create a new cluster with both members already in but not yet SIC'ed. Now do a clean install on 1 of the 2 boxes, your other box is still handling all traffic, configure interfaces and routing, establish SIC to the newly installed box and now you are ready to install the new policy to it.

Personally I would use the Switch port move method to switch to the other box. What I mean by that is that you disable all ports (except Mgmt) when you take it out of production to be reinstalled, then when reday to move the data to the newly installed unit, you disable all switchports on the VSX box and enable the ports on the other box.

This way you can easily fail back and you have the shortest downtime. On top of that you will have a clean new installation.

To remove the VSX cluster, the VS's and the VSwitch you need to be very aware of what you do. To enable the deletion of VSX objects when the VSX hardware is gone, you need to issue a few debug commands on your management server:
fw debug fwm on TDERROR_ALL_VSXM_DBG_SKIP_PING=INFO
fw debug fwm on TDERROR_ALL_VSXM_DBG_SKIP_INSTALL=INFO
fw debug fwm on TDERROR_ALL_VSXM_DBG_SKIP_PULL_SIC=INFO
- Remove all VSX objects in SmartConsole and then issue:
fw debug fwm off
One very important thing: during the process, before deleting any object, make sure it not used anymore (installation targets) AND you Publish, Publish and Publish!!!
Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events