This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
along5664
Participant
‎2024-01-19 12:54 PM
Jump to solution

R81.20 SMS in Proxmox

Has anyone built a SMS using R81.20 in Proxmox? If so can you provide details of how you got it setup?

I have tried the kvm qcow2 file, the open server qcow2 file and the r81.20 iso file. 

Using the kvm qcow2, I can get to a login prompt on console, but def user does not work, I get a permission denied, without an option to put in a pwd.

Same thing for open server qcow2 file, but I can put in a username/pwd. Nothing seems to work.

Using iso file I get to a "boot:" prompt in console and that is as far as it gets.

Thanks for any guidance on this. I do have a tac case open on this as well.

0 Kudos
1 Solution

Accepted Solutions
cassiomaciel
Contributor
Contributor
‎2024-01-20 07:30 AM
Jump to solution

@along5664  you can use. iso to install, at boot prompt, you must type Linux or console ( I'm not sure what I used).

I'm using in my lab and it's working fine. 

View solution in original post

17 Replies
the_rock
Legend
Legend
‎2024-01-19 08:14 PM
Jump to solution

Never in my life heard of proxmox before, but when I googled it, says it can run windows and linux, so since Gaia is based on Linux, technically should work. Just wondering, if you were able to get it to boot up at some point, does it let you go into expert mode? If yes, can you run below 3 commands in expert mode and send the output?

Best,

Andy

1) cpwd_admin list (look for fwm process, does it show E 1)?

2) api status

3) watch -d $FWDIR/scripts/./cpm_status.sh (ctrl+c to stop)

0 Kudos
along5664
Participant
‎2024-01-20 08:07 AM
In response to the_rock
Jump to solution

@along5664  you can use. iso to install, at boot prompt, you must type Linux or console ( I'm not sure what I used).

I'm using in my lab and it's working fine.

 

Using the linux at boot: got me going using the iso.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-01-20 11:04 AM
In response to the_rock
Jump to solution

Proxmox is just a Linux distro with a proprietary frontend for KVM and cgroups, much like EVE-NG. It also bundles ZFS as the default filesystem, placing it head-and-shoulders above other Linux-based hypervisor platforms in capabilities. I still prefer FreeBSD or illumos (especially SmartOS), which both have ZFS, far better container isolation than cgroups can provide, bhyve, and DTrace.

0 Kudos
the_rock
Legend
Legend
‎2024-01-20 11:12 AM
In response to Bob_Zimmerman
Jump to solution

Got it, thanks Bob.

Best,

Andy

0 Kudos
dj0Nz
Advisor
‎2024-04-23 08:38 AM
In response to the_rock
Jump to solution

Late to the show but you might be interested:

We're running Check Point Management servers quite a while now for different customers on Proxmox clusters running on Dell and HP server hardware with no problem at all. All we had to do is to select the LSI 53C895x not the default VirtIO controller because the installer did not find any disks otherwise. But I'm not sure if this is necessary any more. Also, we used Vmxnet3 as network hardware, not Virtio.

I even installed a 81.20 SMS on a Proxmox box in my home lab which runs on cheap consumer hardware (NiPogi AM06, Ryzen 5 5500) and use it for various API development tasks. No problem so far.

Cheers,
Michael

Bob_Zimmerman
Authority
Authority
‎2024-04-23 10:10 AM
In response to dj0Nz
Jump to solution

I don't have a KVM or bhyve host handy at the moment, but it looks like R81.20 has virtio guest drivers:

[Expert@TestSC:0]# fw ver
This is Check Point's software version R81.20 - Build 024
[Expert@TestSC:0]# find / -name *virtio*
/sys/bus/pci/drivers/virtio-pci
/sys/bus/virtio
/sys/bus/virtio/drivers/virtio_blk
/sys/bus/virtio/drivers/virtio_scsi
/sys/module/virtio_blk
/sys/module/virtio_blk/drivers/virtio:virtio_blk
/sys/module/virtio_pci
/sys/module/virtio_pci/drivers/pci:virtio-pci
/sys/module/virtio
/sys/module/virtio/holders/virtio_blk
/sys/module/virtio/holders/virtio_pci
/sys/module/virtio/holders/virtio_scsi
/sys/module/virtio_ring
/sys/module/virtio_ring/holders/virtio_blk
/sys/module/virtio_ring/holders/virtio_pci
/sys/module/virtio_ring/holders/virtio_scsi
/sys/module/virtio_scsi
/sys/module/virtio_scsi/drivers/virtio:virtio_scsi
/etc/sysconfig/mkinitrd/virtio
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/addon/virtio_net.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/block/virtio_blk.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/char/hw_random/virtio-rng.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/char/virtio_console.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/scsi/virtio_scsi.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio_balloon.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio_pci.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio_ring.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/net/vmw_vsock/vmw_vsock_virtio_transport.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/net/vmw_vsock/vmw_vsock_virtio_transport_common.ko
/usr/lib64/librte_crypto_virtio.so.21
/usr/lib64/librte_crypto_virtio.so.21.0
/usr/lib64/librte_net_virtio.so.21
/usr/lib64/librte_net_virtio.so.21.0

I would expect virtio storage to work.

dj0Nz
Advisor
‎2024-05-07 10:26 AM
In response to Bob_Zimmerman
Jump to solution

Thanks a lot! Will check that with next installation, sometime next 5-6 weeks I suppose.

0 Kudos
dj0Nz
Advisor
‎2024-05-23 02:12 AM
In response to Bob_Zimmerman
Jump to solution

Yes I can confirm that. Management is running perfectly with virtio drivers 

[Expert@mgmt:0]# lsmod | grep virtio
virtio_console 27864 0
virtio_net 28170 0
virtio_balloon 17924 0
virtio_scsi 18452 3
virtio_blk 18415 0
virtio_pci 22937 0
virtio_ring 22908 6 virtio_console,virtio_net,virtio_balloon,virtio_scsi,virtio_blk,virtio_pci
virtio 14904 6 virtio_console,virtio_net,virtio_balloon,virtio_scsi,virtio_blk,virtio_pci

The only thing that's missing is a qemu-guest-agent package, so VMs have to be shut down before snapshotting them. If I knew which of the "Employees" I can ask for a customized rpm I would offer my infrastructure as a test subject. 😉

0 Kudos
along5664
Participant
‎2024-05-07 10:56 AM
In response to dj0Nz
Jump to solution

We are using some super micro servers, and all is working well for u. I have taken all the defaults and the install went fine.

0 Kudos
cassiomaciel
Contributor
Contributor
‎2024-01-20 07:30 AM
Jump to solution

@along5664  you can use. iso to install, at boot prompt, you must type Linux or console ( I'm not sure what I used).

I'm using in my lab and it's working fine. 

along5664
Participant
‎2024-01-20 08:07 AM
In response to cassiomaciel
Jump to solution

Thanks for this. It worked as expected using linux at the boot:.

mustafa1
Explorer
‎2024-11-20 05:47 AM
In response to along5664
Jump to solution

I'm using proxmox to deploy checkpoint security management server. I used qcow2 image , but I was stuck when it asked for a username and password. It came up with a username and password.

 

 

ckp.png
Preview file
2 KB
the_rock
Legend
Legend
‎2024-11-20 06:16 AM
In response to mustafa1
Jump to solution

Its same on eve-ng as well, but I think you can set your own default password, so can be anything. I could be mistaken about that though, but I do know for CP its always admin/admin and for say basic linux image its usually root/ Test123 or something like that.

Andy

0 Kudos
along5664
Participant
‎2024-11-20 06:17 AM
In response to mustafa1
Jump to solution

I used the iso file and it worked perfect. It will come to a prompt, and you will  need to type linux , and it will boot up and then let you setup per your needs.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-11-20 08:34 AM
In response to mustafa1
Jump to solution

The qcow2 images come in two fundamental variants. One has a name which looks like jaguar_opt_main-777-991001696.qcow2. This has a randomized login password. You must set a login password using cloud-init to be able to log in.

The other variant has a name like jaguar_opt_main-777-991001696_unsecured.qcow2. This has the normal 'admin' login password. This is helpful for troubleshooting cloud-init problems, but it's not a great idea to use it in production. Something could potentially log in before you're able to change the password either manually or via cloud-init.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-20 10:12 AM
In response to mustafa1
Jump to solution

I build my image on Promox with the regular installation ISO.

0 Kudos
oa_munich
Contributor
‎2024-11-20 08:29 AM
Jump to solution

You can download a ready-made qcow2 image from here https://support.checkpoint.com/results/sk/sk158292

And import into proxmox using 'qm importdisk'

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top