Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ruan_Kotze
Advisor

Platform Portal missing on VSX

Hi All,

I have a site running VSX, with one of the VS's running the IPSEC blade only (MAB not enabled) to which endpoint clients connect. As expected the clients gets a certificate warning when you set up the connection for the first time (the client does a HTTPS connection to the gateway as part of setting up the site).

Usually I would resolve this by installing a trusted certificate via the platform portal setting on the gateway properties.  Problem is I can't find this setting, not on the VS or on VS0.

How does one resolve this in a VSX environment?  All my searching have come up blank, I'm certain I'm missing something very simple.

Thanks,
Ruan

0 Kudos
7 Replies
JanVC
Collaborator

2021-04-15 13_58_41.png

Did you look there?

Ruan_Kotze
Advisor

Hi Jan,

Unfortunately in this environment MAB is not enabled.  Good to know it is an option though!

As mentioned in non VSX environments I resolve this by changing out the platform portal certificate, seems this is not an option with VSX then.

0 Kudos
JanVC
Collaborator

And what about the "UserCheck" config more to the top on the same screenshot?

I know for a fact we didn't modify that cert but it shows the same as our MAB cert

Ruan_Kotze
Advisor

That requires IA to be enabled, which is also not enabled in this environment.  But you have given me an idea - What I will test is:

  1. enabling either of the two blades
  2. switching out the certificate
  3. pushing policy
  4. Test Site creation to confirm correct certificate
  5. De-active blade activated in step 1
  6. Push policy
  7. Test site creation again to confirm the certificate is still in place

Thanks for responding and I will revert with my results!

0 Kudos
JanVC
Collaborator

weird, we don't have IA enabled on that vs

0 Kudos
Ruan_Kotze
Advisor

Sorry that was my mistake, it's not related to IA. 

I enabled Content Awareness to get access to the UserCheck portal and replaced the certificate with one trusted by the clients.  Testing was successful, however once one disable the the relevant blade the certificate reverts back to the one signed by the internal Check Point CA.

I've got a ticket open with TAC now - will update the thread based on the outcome of that.

0 Kudos
PhoneBoy
Admin
Admin

If you can change this in the Gaia UI, you can temporarily turn off VSX mode on the Gateway, make the appropriate changes, then turn VSX mode back on.

0 Kudos