Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nüüül
Advisor
Jump to solution

MaaS - Way to troubleshoot the Management Tunnel?

Hi all,

 

at the moment I am playing around with the Management as a Service. Which looks good so far. but there are a few questions:

 

  • possible to delete "connected" gateways? Not all were ever connected successfully. 
    • during troubleshooting i tried to connect my gateway multiple times
  • possible to troubleshoot the MaaS VPN? it gets established for a couple of seconds and then is back disconnected. Therefore no Communication is possible
  • Gateway with trouble is behind another Router, that is doing NAT ( Hiding towards Internet)

 

Thanks

 

Daniel

 

------------------------------------------------------------------------------------------------------------------------

Edit:

OK, rebooting the Gateway (virtual) and the underlying ESXi solved the connection problem. VPN is up and stays at this. \o/ (rebooted the gateway before with no improvement...)

No idea why, but Ok. 

 

But still, information for troubleshooting the maas_tunnel or so would be great 🙂

 

1 Solution

Accepted Solutions
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

Connecting a gw to MaaS (new name SmartCloud) includes 2 steps:

1. register the gw in the infinity portal - at the end of this process, a gw object is created in the management and you get a unique authentication token, only then you can run a command on the gw (all information included in the portal) which creates the HTTPs tunnel between the gw and the mgmt, gw can be behind another gw/router.

2. initiate SIC from the management to the gw, same as in an on-prem mgmt.

 

Currently, there is no option to remove "connected" gws in the portal, we will add more actions to the "connected" gws cards in the portal, among them to delete and remove unused gw cards. 

if the gw isn't able to establish the communication with the service, you can check the following:

  1. Verify “Automatically download Blade Contracts and other important data” is enabled.
  2. Verify connectivity from the gateway to the internet and to updates.checkpoint.com

If going forward you still have issues with an unstable communication tunnel between the gateway and the service (which shouldn't be), please contact us maas@checkpoint.com and we will be happy to work with you together to better understand the issue.

Also, feel free to share more feedback.

Anat.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin

@Anat_Eytan-Davi do we have any info on Troubleshooting issues with maas_tunnel?

0 Kudos
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

Connecting a gw to MaaS (new name SmartCloud) includes 2 steps:

1. register the gw in the infinity portal - at the end of this process, a gw object is created in the management and you get a unique authentication token, only then you can run a command on the gw (all information included in the portal) which creates the HTTPs tunnel between the gw and the mgmt, gw can be behind another gw/router.

2. initiate SIC from the management to the gw, same as in an on-prem mgmt.

 

Currently, there is no option to remove "connected" gws in the portal, we will add more actions to the "connected" gws cards in the portal, among them to delete and remove unused gw cards. 

if the gw isn't able to establish the communication with the service, you can check the following:

  1. Verify “Automatically download Blade Contracts and other important data” is enabled.
  2. Verify connectivity from the gateway to the internet and to updates.checkpoint.com

If going forward you still have issues with an unstable communication tunnel between the gateway and the service (which shouldn't be), please contact us maas@checkpoint.com and we will be happy to work with you together to better understand the issue.

Also, feel free to share more feedback.

Anat.

Nüüül
Advisor

Hello,

 

During troubleshooting some of my own "dumb behaviour tests  😁" I just saw, that you managed to add a remove functionality for MAAS Gateways! Thanks for that!

Will see if I can manage to write down a bit about my experiences with MAAS over the last months.

 

Cheers

 

Daniel

0 Kudos
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

Thank you Daniel, indeed we have added an option to delete/remove a gateway registration card from the portal.

Also, I'm inviting you to check our administration guide with a new section for troubleshooting and advanced configuration.

we are constantly updating the admin guide with more information, please feel free to share if something is missing.

j_silva
Contributor

Recently i was facing a problem related to maas_tunnel. The output command cphaprob stat show that one of the node of the cluster was Down. According to output the reason is "Cluster Control Protocol packets are not received"

Someone has some explanation about it?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events