Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Don_Paterson
Advisor

R80.20 M2 MDSM and VSX

I am testing these in a virtual lab and this thread is partly to feed back on the experience but also on the messages that need updating (Tomer this is for you 😉 )

I used CPUSE to do a fresh install of R80.20 M2 on top of what was an R80.10 SMS (was a clean install or R80.10 in November 2017)

The 60GB virtual HDD brought about the first challenge after running the FTW (First Time Wizard) and making it an MDS. (Yes, I know the 60GB is a little less than the recommended 1TB drive). Also had 4 xeon cores and 16GB RAM.

I cannot change these right now and hope to get it working like it is.

The first issue was not being able to connect with SmartConsole (to the new MDS). I had to resize a partition:

lvextend -L +15G /dev/mapper/vg_splat-lv_current
lvdisplay
resize2fs /dev/vg_splat/lv_current
lvdisplay

.

.

--- Logical volume ---
LV Path /dev/vg_splat/lv_current

LV Size                26.00 GiB

.

.

I deleted the Snapshot that CPUSE automatically created before I extended the partition.

Just in case I also set the SmartConsole timeout to 10:00 minutes.

To do that I used SCConfigManager.exe. Personally I think that tool needs to be improved a bit so that it shows the current timeout or at least advises on the default and/or offers an option to set it back to the 1 minute default.

It also does not tell you to exit before the changes are save or if the SmartConsole needs to be restarted.

After getting into the MDS and creating the VSX_Admin domain I had issues with the VSX_Cluster object creation.

I am getting this and working on it:

==========================================

Installing default Policy - VSX_Cluster_VSX on VSX_Cluster...
Policy installation failed on gateway. There is no valid license for the security gateway. To view existing licenses and add new licenses, use SmartUpdate (see sk11054).( message from member A-GW-01 )
Policy installation failed on gateway. There is no valid license for the security gateway. To view existing licenses and add new licenses, use SmartUpdate (see sk11054).( message from member A-GW-02 )
Failed to install default policy VSX_Cluster_VSX on VSX_Cluster

Installing VSX default policy operation has finished with errors.
This could have happen due to time-out while installing security policy.
Check the modules to see if security policy is installed. if so discard
this error message.
If policy is not installed make sure that the failed Virtual System/Router
is accessible from the management server, and that you have a valid license.
Try to install security policy manually from the SmartDashboard.
If the problem persists contact Check Point Technical Support.

Operation has failed.

============================================

The bold text above highlights are areas that need review and/or update by R&D.

I cannot discard the VSX Operation Report (failed report) message without fixing the issue and I have already put 25 VS evals onto the GWs (local lics).

If I click Close and Cancel I am back to having to reset SIC on the R80.10 GWs (VMs - Also R80.10 clean install in Nov. 2017 (and unpatched). They have 30GB virtual drives (4 core and 4GB RAM) but for testing I am hoping this is not an issue.

Next I will disconnect all SmartConsoles and reset SIC and try again before considering creating and applying more eval licenses.

Will update the thread.

Don

0 Kudos
3 Replies
Don_Paterson
Advisor

I was wrong about loosing the VSX_Cluster and member objects (after clicking Cancel).

They've there (although I had to reboot after the SmartConsole hung and java got busy).

Unfortunately they don't have the SIC that was previously established.

Will see if I can get it working and post the results if/when I do.

Don

0 Kudos
Don_Paterson
Advisor

Actually the members will need to be re-added because there is no SIC and not option to reset and red0:

0 Kudos
Don_Paterson
Advisor

I may need to give up on this one. Might be the cloud VMs that are just no good for this lab test and familiarisation exercise I was wanting to do. Running out of time too.

After spinning up a new lab and doing clean installs on bigger virtual disks and adding more resources (and extending console timeouts) I got mixed results (different this time) 

The VSX Cluster wizard reported 'Finish' but the Finish button was greyed out. This was the same for a new virtual switch.

Killing the SmartConsole and logging back into it showed that the changes were successful at least.

I also got a situation where the creation of a DMS/CMA did not complete in the SmartConsole. It showed in the SmartConsole after killing the GUI again but did not show in the mdsstat command.

When will the mdsstat output show something like DMS rather than CMA?

Not a happy or successful lab. Is it all because of the Ravello/Oracle platform....? Will I ever find out...? I hope so.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events