Solved: Re: Platform Portal missing on VSX

Ruan_Kotze · ‎2021-04-15

Hi All,

I have a site running VSX, with one of the VS's running the IPSEC blade only (MAB not enabled) to which endpoint clients connect. As expected the clients gets a certificate warning when you set up the connection for the first time (the client does a HTTPS connection to the gateway as part of setting up the site).

Usually I would resolve this by installing a trusted certificate via the platform portal setting on the gateway properties. Problem is I can't find this setting, not on the VS or on VS0.

How does one resolve this in a VSX environment? All my searching have come up blank, I'm certain I'm missing something very simple.

Thanks,
Ruan

JiaHaoC · ‎2022-11-05

Seems like I've found the solution. Although there is an instance of Multi-Portal daemon running on VS0, it is actually not running. I simply needed to follow the Client's CA signed certificate steps in sk97648

View solution in original post

JanVC · ‎2021-04-15

Did you look there?

Ruan_Kotze · ‎2021-04-15

Hi Jan,

Unfortunately in this environment MAB is not enabled. Good to know it is an option though!

As mentioned in non VSX environments I resolve this by changing out the platform portal certificate, seems this is not an option with VSX then.

JanVC · ‎2021-04-15

And what about the "UserCheck" config more to the top on the same screenshot?

I know for a fact we didn't modify that cert but it shows the same as our MAB cert

Ruan_Kotze · ‎2021-04-15

That requires IA to be enabled, which is also not enabled in this environment. But you have given me an idea - What I will test is:

enabling either of the two blades
switching out the certificate
pushing policy
Test Site creation to confirm correct certificate
De-active blade activated in step 1
Push policy
Test site creation again to confirm the certificate is still in place

Thanks for responding and I will revert with my results!

JanVC · ‎2021-04-15

weird, we don't have IA enabled on that vs

Ruan_Kotze · ‎2021-04-15

Sorry that was my mistake, it's not related to IA.

I enabled Content Awareness to get access to the UserCheck portal and replaced the certificate with one trusted by the clients. Testing was successful, however once one disable the the relevant blade the certificate reverts back to the one signed by the internal Check Point CA.

I've got a ticket open with TAC now - will update the thread based on the outcome of that.

JiaHaoC · ‎2022-11-01

It seems I’m also facing the same issue. Have you had any luck with TAC? Couldn’t find any SK on this.

JiaHaoC · ‎2022-11-05

Seems like I've found the solution. Although there is an instance of Multi-Portal daemon running on VS0, it is actually not running. I simply needed to follow the Client's CA signed certificate steps in sk97648

PhoneBoy · ‎2021-04-15

If you can change this in the Gaia UI, you can temporarily turn off VSX mode on the Gateway, make the appropriate changes, then turn VSX mode back on.

agung3012 · ‎2024-03-14

is it that simple?
are there any side effects of temporarily turning off VSX mode on the Gateway, then re-enabling VSX mode ?

thankyou

PhoneBoy · ‎2024-03-14

Not that I've seen.
I would make certain no one is making changes to VSX objects while VSX mode is off, though.

Are you a member of CheckMates?

Platform Portal missing on VSX