Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pavan09
Participant
Jump to solution

Maestro not showing Unassigned Gateways

Hey guys, i have 2 maestro 140 series and 3 6900 security gateways. The problem I’m facing is Maestro devices are not showing any gateways in orchestration. Since lldp is used for discovering the devices i have checked under cli of maestro and its showing neighbours but on gaia portal its not showing any gateways. Regards.
0 Kudos
1 Solution

Accepted Solutions
Jones
Collaborator
Collaborator

Both the MHO's and SGM's run on R81.10SP version.

When you connect the MHO's and SGM's, it should be fine to start without the Jumbo version installed on R81.10. Since you have issues with it ("lldpneighbors transport socket error"), installing an Jumbo take might help in  your case. If it does not, try to make the MHO factory default R81.10SP and try again.

I recommend watching this video from Lari who is a Maestro SME from Check Point: EMEA: Maestro Introduction and Best Practices - Vi... - Check Point CheckMates

View solution in original post

10 Replies
Tom_Kendrick
Employee
Employee

Here's a list of things to check, just to try and rule out what it could be:

1) Ensure ports that are marked as downlinks on the MHO (normally port 27 or higher) are connected to the appliances

2) Check the type of the port is downlink (show or set maestro port 1/<port>/1 type) and change with set

3) Check that port 1 on the appliance's 10G port is connected to MHO 1 (port set to downlink on the MHO) and port 2 on the appliance's 10G port is connected to MHO 2 (e.g. to a downlink) 

4) Make sure that you have installed a scalable platforms version of the ISO onto the appliances

5) Confirm that you have the site amount configured correctly

6) Make sure the MHO amount is set correctly

7) Check the sync port is connected between the MHO's and set to be ssm_sync (like in 2 above)

 

If all of this is done, then from expert on the MHO, normally an orchd restart all you'd need.

 

Tom

(1)
Pavan09
Participant

Hey, thanks for the response. 

from point 1 through 3 we have configured everything according to documentation and matches with your reply.

I have cross checked in the cli that it's a downlink.

4)Make sure that you have installed a scalable platforms version of the ISO onto the appliances 

We are running, GAiA PortalR81.10 on the appliance and  GAiA Portal R81.10 on the Maestro device.

6)Make sure the MHO amount is set correctly.

Yes, we have set the MHO amount as 2 which is by default.

7)7) Check the sync port is connected between the MHO's and set to be ssm_sync (like in 2 above) 

Connected 48th port of each MHO for sync. please could you clarify on the ssm_sync.

 

My observation: LLDP Service has issue in MHO it's not discovering gateways when i run lldpneighbour im getting the following error: "lldpneighbors transport socket error "

 

Regards,

 

 

0 Kudos
Jones
Collaborator
Collaborator

Hey,

The software image for the Maestro devices should not be the default R81.10 image but should be de Scalable Platform image found here:
https://support.checkpoint.com/results/download/115149
For the 6900 gateways, if they are not in a default Maestro packages they might have the "normal" software and not the SP software installed.

Also, make sure you have the recommended Jumbo Installed found here:
https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.10/R81.10/R81.10_Downloads.htm
In the latest take 95 an lldp issue was addressed (PRJ-43986, PRHF-27222): The "lldpneighbors" Clish command may have a corrupted output.

You have checked if a port is a downlink, you can also do the same for port 48 if it is actually the local MHO sync port, it will show "ssm_sync" like it will show "downlink" on another interface.

Also, use the Check Point DAC cables to connect the MHO's and the SGM's (6900's) with each other.

Kind Regards,

Jones

0 Kudos
Pavan09
Participant

Hi Jones, thanks for the detailed explanation.

1)I have the MHO-140 Software loaded from the link which you have shared. 

2)I will cross verify all my SGM's to see if they are running the SP version. So just to confirm, the SGM should also run the same SP version ISO ?

3) I have NOT applied the JHF which you have linked, thanks for the useful link i will apply the fix and check if it working.

4) YES, indeed the MHO shows the interface description as mentioned, but since i'am facing issues with interfaces also will work on that.

5) YES, we are using Check Point's cables to not have doubt on the cabling.

 

Regads,

P

 

 

0 Kudos
Jones
Collaborator
Collaborator

Both the MHO's and SGM's run on R81.10SP version.

When you connect the MHO's and SGM's, it should be fine to start without the Jumbo version installed on R81.10. Since you have issues with it ("lldpneighbors transport socket error"), installing an Jumbo take might help in  your case. If it does not, try to make the MHO factory default R81.10SP and try again.

I recommend watching this video from Lari who is a Maestro SME from Check Point: EMEA: Maestro Introduction and Best Practices - Vi... - Check Point CheckMates

Pavan09
Participant

Hi Jones, appreciate the response. Will work on it and update you ASAP.

 

Regards,

 

0 Kudos
Jones
Collaborator
Collaborator

Hi,

Did you fix the issue?

Regards Jones

0 Kudos
Pavan09
Participant

Hi Jones, unfortunately it’s not yet fixed, check point TAC continuously refused it’s there issue but in the end they agreed it’s a product issue and they provided steps to reimage device.

0 Kudos
Jones
Collaborator
Collaborator

Hi Pavan09,

Did you resolve your issue by now by reimaging the MHO's?

Regards Jones

0 Kudos
Pavan09
Participant

Hi Jones , 

YES indeed. We re-imaged all 3 SGMs to R81.SP and applied hotfix on Maestro devices. All Gateways are visible and no issues with the Interfaces too.  

I really appreciate the time you invested in this issue. 

 

Regards,

 

0 Kudos