This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
AaronCP
Advisor
Monday

Generic Data Centre Object not copying to Maestro SGM

Evening,

We've recently deployed a new Maestro stack that comprises the following:

2 x MHO-140s (single site)

3 x 9800 SGMs

VSX mode enabled

R81.20 T84

1 x VFW

We've configured both a Generic Data Centre Object & a Cisco ACI object to use the ESGs and ExternalEPGs in firewall policy. The GDO points to a JSON file stored in GitHub that contains the ExternalEPG information (we had to use this as a workaround due to the Cisco ACI object lacking the ability to query ExternalEPGs). The VFW policy uses the ESGs & ExternalEPGs as source & destination objects.

Connectivity testing commenced today, with intermittent results. I could see in the logs that some traffic was being accepted and some being dropped by the cleanup rule. Further analysis showed that the accepted traffic was for the SMO (member ID 1_1) and all dropped traffic was on members 1_2 & 1_3 (side note - it would be great if this field could be selected as a view option in dashboard!).

When logging into the SMO, switching to vsenv 1 and running dynamic_objects -cfo_show, the contents/IP ranges of the GDO object are displayed as expected. When moving to members 2 & 3 and switching to vsenv 1, the dynamic_objects -cfo_show command returns a "File not found" message.

I assumed that the SMO would have copied the GDO objects to the other SGMs, but it would appear that's not happening.

Has anyone seen this behaviour before? Or have any suggestions as to why the GDO objects aren't being copied to all members?

Thanks,

Aaron.

0 Kudos
1 Reply
AkosBakos
Mentor Mentor
Mentor
Tuesday

@AaronCP 

I'm not 100% percent sure about that, this kind of files must been copied to the other members automatically.

If you check the show smo image md5sum what is the output? The md5sum's are tehe same?

A workaround can be to copy the relevant files to each SGM with #asg_cp2blades command

You can expant the script with this line.

Akos

 

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events
    Top