This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Naguinix
Participant
2 weeks ago

SCV issues on Maestro R82

Hi community,

Has anyone experienced issues with Secure Configuration Verification (SCV) in Maestro with R82?

Topology:

Management R82 (JHF 60) > 2 x MHO 140 (JHF 60) > 2X GW 9400 (JHF 60) > Security Group > VSX > GW_Remote_access (Blades:FW,MOB,VPN,)

After migrating from VSX with R81.20, where everything was working fine, we have encountered several issues,

The logs show various compliance errors; it appears that the management server isn't properly sending the local.scv file to the members under the Maestro (2X 9400 ).

We tried removing the secondary Maestro GW member, manually transferring the file from the management server to the GW, and then cloning it—and it worked for a few days, but now it's failing again.

We’re sure the configuration is correct since we have MEP, with some firewalls on R81.20 running VSX as well, and clients connect fine there.

We also tried to recreate the site from the endpoint clients, but without success.
IP assignment, authentication, and even MFA all work well.

These are some logs we have:

- Unknown user
- Client configuration is not verified
- No security policy is configured
- And other errors.

We already have an open case, but I'd like to know if anyone else has had issues with Maestro + VSX + SCV in R82

TY.

0 Kudos
2 Replies
Lesley
MVP Gold
MVP Gold
2 weeks ago

Local SCV settings can be customized by Security Gateway when creating a $FWDIR/conf/local.scv_<GW NAME> file, otherwise the settings fall back to the standard local.scv configuration.

Have you done this?

-------
Please press "Accept as Solution" if my post solved it 🙂
the_rock
MVP Diamond
MVP Diamond
2 weeks ago

I see what Lesley is saying, definitely something to verify.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events