- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Has anyone built a SMS using R81.20 in Proxmox? If so can you provide details of how you got it setup?
I have tried the kvm qcow2 file, the open server qcow2 file and the r81.20 iso file.
Using the kvm qcow2, I can get to a login prompt on console, but def user does not work, I get a permission denied, without an option to put in a pwd.
Same thing for open server qcow2 file, but I can put in a username/pwd. Nothing seems to work.
Using iso file I get to a "boot:" prompt in console and that is as far as it gets.
Thanks for any guidance on this. I do have a tac case open on this as well.
@along5664 you can use. iso to install, at boot prompt, you must type Linux or console ( I'm not sure what I used).
I'm using in my lab and it's working fine.
Never in my life heard of proxmox before, but when I googled it, says it can run windows and linux, so since Gaia is based on Linux, technically should work. Just wondering, if you were able to get it to boot up at some point, does it let you go into expert mode? If yes, can you run below 3 commands in expert mode and send the output?
Best,
Andy
1) cpwd_admin list (look for fwm process, does it show E 1)?
2) api status
3) watch -d $FWDIR/scripts/./cpm_status.sh (ctrl+c to stop)
@along5664 you can use. iso to install, at boot prompt, you must type Linux or console ( I'm not sure what I used).
I'm using in my lab and it's working fine.
Using the linux at boot: got me going using the iso.
Proxmox is just a Linux distro with a proprietary frontend for KVM and cgroups, much like EVE-NG. It also bundles ZFS as the default filesystem, placing it head-and-shoulders above other Linux-based hypervisor platforms in capabilities. I still prefer FreeBSD or illumos (especially SmartOS), which both have ZFS, far better container isolation than cgroups can provide, bhyve, and DTrace.
Got it, thanks Bob.
Best,
Andy
Late to the show but you might be interested:
We're running Check Point Management servers quite a while now for different customers on Proxmox clusters running on Dell and HP server hardware with no problem at all. All we had to do is to select the LSI 53C895x not the default VirtIO controller because the installer did not find any disks otherwise. But I'm not sure if this is necessary any more. Also, we used Vmxnet3 as network hardware, not Virtio.
I even installed a 81.20 SMS on a Proxmox box in my home lab which runs on cheap consumer hardware (NiPogi AM06, Ryzen 5 5500) and use it for various API development tasks. No problem so far.
Cheers,
Michael
I don't have a KVM or bhyve host handy at the moment, but it looks like R81.20 has virtio guest drivers:
[Expert@TestSC:0]# fw ver
This is Check Point's software version R81.20 - Build 024
[Expert@TestSC:0]# find / -name *virtio*
/sys/bus/pci/drivers/virtio-pci
/sys/bus/virtio
/sys/bus/virtio/drivers/virtio_blk
/sys/bus/virtio/drivers/virtio_scsi
/sys/module/virtio_blk
/sys/module/virtio_blk/drivers/virtio:virtio_blk
/sys/module/virtio_pci
/sys/module/virtio_pci/drivers/pci:virtio-pci
/sys/module/virtio
/sys/module/virtio/holders/virtio_blk
/sys/module/virtio/holders/virtio_pci
/sys/module/virtio/holders/virtio_scsi
/sys/module/virtio_ring
/sys/module/virtio_ring/holders/virtio_blk
/sys/module/virtio_ring/holders/virtio_pci
/sys/module/virtio_ring/holders/virtio_scsi
/sys/module/virtio_scsi
/sys/module/virtio_scsi/drivers/virtio:virtio_scsi
/etc/sysconfig/mkinitrd/virtio
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/addon/virtio_net.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/block/virtio_blk.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/char/hw_random/virtio-rng.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/char/virtio_console.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/scsi/virtio_scsi.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio_balloon.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio_pci.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/drivers/virtio/virtio_ring.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/net/vmw_vsock/vmw_vsock_virtio_transport.ko
/usr/lib/modules/3.10.0-1160.15.2cpx86_64/kernel/net/vmw_vsock/vmw_vsock_virtio_transport_common.ko
/usr/lib64/librte_crypto_virtio.so.21
/usr/lib64/librte_crypto_virtio.so.21.0
/usr/lib64/librte_net_virtio.so.21
/usr/lib64/librte_net_virtio.so.21.0
I would expect virtio storage to work.
Thanks a lot! Will check that with next installation, sometime next 5-6 weeks I suppose.
Yes I can confirm that. Management is running perfectly with virtio drivers
[Expert@mgmt:0]# lsmod | grep virtio
virtio_console 27864 0
virtio_net 28170 0
virtio_balloon 17924 0
virtio_scsi 18452 3
virtio_blk 18415 0
virtio_pci 22937 0
virtio_ring 22908 6 virtio_console,virtio_net,virtio_balloon,virtio_scsi,virtio_blk,virtio_pci
virtio 14904 6 virtio_console,virtio_net,virtio_balloon,virtio_scsi,virtio_blk,virtio_pci
The only thing that's missing is a qemu-guest-agent package, so VMs have to be shut down before snapshotting them. If I knew which of the "Employees" I can ask for a customized rpm I would offer my infrastructure as a test subject. 😉
We are using some super micro servers, and all is working well for u. I have taken all the defaults and the install went fine.
@along5664 you can use. iso to install, at boot prompt, you must type Linux or console ( I'm not sure what I used).
I'm using in my lab and it's working fine.
Thanks for this. It worked as expected using linux at the boot:.
I'm using proxmox to deploy checkpoint security management server. I used qcow2 image , but I was stuck when it asked for a username and password. It came up with a username and password.
Its same on eve-ng as well, but I think you can set your own default password, so can be anything. I could be mistaken about that though, but I do know for CP its always admin/admin and for say basic linux image its usually root/ Test123 or something like that.
Andy
I used the iso file and it worked perfect. It will come to a prompt, and you will need to type linux , and it will boot up and then let you setup per your needs.
The qcow2 images come in two fundamental variants. One has a name which looks like jaguar_opt_main-777-991001696.qcow2. This has a randomized login password. You must set a login password using cloud-init to be able to log in.
The other variant has a name like jaguar_opt_main-777-991001696_unsecured.qcow2. This has the normal 'admin' login password. This is helpful for troubleshooting cloud-init problems, but it's not a great idea to use it in production. Something could potentially log in before you're able to change the password either manually or via cloud-init.
I build my image on Promox with the regular installation ISO.
You can download a ready-made qcow2 image from here https://support.checkpoint.com/results/sk/sk158292
And import into proxmox using 'qm importdisk'
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
30 | |
16 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
2 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY