This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LukeDRussell1
Participant
‎2024-10-03 01:19 AM
Jump to solution

MDS R81.20 on KVM, fresh install broken.

Hello,

I'm unable to get an MDS install working using this qcow2 image. I've been using this image for Gateway and SMS for a couple of months in my lab, everything seems to work fine. With MDS, the first symptom I noticed is I can't connect with Smart Console. SSH and Web to Gaia work fine though.

When I tried to run `api status` I would get an error about the missing file /opt/CPsuite-R81.20/fw1/conf/cpmServerSettings.props. I copied this from an SMS server to get past that error.

I also tried updating with the latest Take, but the Gaia web gui errors and suggests running `cpstop` but that doesn't work on an MDS server. 
I've tried about 5 times with a fresh VM, now I'm tearing my hair out.

 

Some probably relevant outputs that might help:

 

[Expert@cp-mds:0]# mdsstat

CPM: Check Point Security Management Server is not running

+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| Type | Name               | IP address      | FWM         | FWMHA       | FWD         | CPD         | CPCA        |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| MDS  |          -         | 172.30.32.10    | down        | down        | down        | down        | down        |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
Total Domain Management Servers checked: 0     0 up   0 down
Tip: Run mdsstat -h for legend
[Expert@cp-mds:0]# mdsstart 
Starting cpWatchDog
Starting CPM Server ...
[1] 8715
CPM Server is running.
Start Search Infrastructure...
index mode was set to true
startsearch: dbsync does not run on Multi-Domain Security Management
cpwd_admin: 
Process SOLR started successfully (pid=9230) 
Starting RFL ...
cpwd_admin: 
Process RFL started successfully (pid=9262) 
Starting SmartView ...
Starting SmartView...
cpwd_admin: 
Process SMARTVIEW started successfully (pid=9311) 
Start Log Indexer...
cpwd_admin: 
Process INDEXER started successfully (pid=9594) 
Start SmartLog Server... 
cpwd_admin: 
Process SMARTLOG_SERVER started successfully (pid=9806) 

No need to run Adjuster Service - no clients were found
Starting Log Indexer...
[1]  + Done                          /opt/CPsuite-R81.20/fw1/scripts/ngm_start.sh
/opt/CPmds-R81.20/customers: No such file or directory.

 

 

 

[Expert@cp-mds:0]# api status

API Settings:
---------------------
Accessibility:                      Unknown
Automatic Start:                    Unknown

Processes:

Name      State     PID       More Information
-------------------------------------------------
API       Stopped   0         
CPM       Stopped   0         
FWM       Stopped   0         
APACHE    Started   8507      

Port Details:
-------------------
JETTY Internal Port:               0
JETTY Documentation Internal Port: 0
APACHE Gaia Port:                  443

Profile:
-------------------
Machine profile:                   Medium env resources profile
CPM heap size:                     1280m

                          Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------

API readiness test FAILED. The server is down and unable to receive connections!

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

 

 

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-10-03 03:13 PM
In response to LukeDRussell1
Jump to solution

That's barely enough to run a gateway.
MDS needs a lot more resources (at least 32GB RAM, 8 Cores).
Refer to the requirements here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RN/Content/Topics-RN/Open-Se... 

View solution in original post

0 Kudos
LukeDRussell1
Participant
‎2024-10-03 03:16 PM
In response to LukeDRussell1
Jump to solution

I increased the specs in line with the Open Server minimums for MDS (8c, 32GB, 150 GB disk) and it works immediately!

Thanks @PhoneBoy 

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2024-10-03 06:23 AM
Jump to solution

I suspect these qcow images are not set up to run MDS, which has different requirements than a regular SMS (more disk/RAM, NIC configuration).
What are the specs on the VM you’re attempting to deploy this on? (RAM/CPUs/Disk/NICs)

0 Kudos
(1)
LukeDRussell1
Participant
‎2024-10-03 02:13 PM
In response to PhoneBoy
Jump to solution

It will be easy enough for me to give it more resources. I can't remember where I found the requirements, but I'm currently running 4vCPU, 6 GB, virtio NICs. I'm not sure how big the disks were. One attempt I set the data disk to 100 GB manually.

I'd be happy to take a suggestion on sizing. 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-10-03 02:51 PM
In response to LukeDRussell1
Jump to solution

To me, that does not look like the right image for eve-ng. Did you follow below link to make sure naming is right? I know for mds, you would use same image as you were installing regular mgmt. I tested that before in eve-ng, no issues.

Andy

 

https://www.eve-ng.net/index.php/documentation/qemu-image-namings/

Best,
Andy
0 Kudos
LukeDRussell1
Participant
‎2024-10-03 03:10 PM
In response to the_rock
Jump to solution

I'm not using eve-ng.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-10-03 05:13 PM
In response to LukeDRussell1
Jump to solution

Sorry my bad for assuming so. Glad you got it working.

Andy

Best,
Andy
0 Kudos
LukeDRussell1
Participant
‎2024-10-03 08:19 PM
In response to the_rock
Jump to solution

I'm using Cisco Modelling Labs, which is built on top of KVM.

I also contributed some configs to CML-Community repo in case anyone else wants to run it. I'll add notes in that about increasing the resources for MDS. 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-03 03:13 PM
In response to LukeDRussell1
Jump to solution

That's barely enough to run a gateway.
MDS needs a lot more resources (at least 32GB RAM, 8 Cores).
Refer to the requirements here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RN/Content/Topics-RN/Open-Se... 

0 Kudos
LukeDRussell1
Participant
‎2024-10-03 03:16 PM
In response to LukeDRussell1
Jump to solution

I increased the specs in line with the Open Server minimums for MDS (8c, 32GB, 150 GB disk) and it works immediately!

Thanks @PhoneBoy 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events