Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority

problem with VMware vcenter integration R81.10

Hello CheckMates,

we are using VMware vcenter integration with R80.30. Meaning virtual server objects from VMware vcenter server are used in the rulebase as source or destination.

After upgrade to R81.10 policy verification fails 

screenshot.PNG

 

 

 

 

 

 

 

 

 

Any changes with R81.10 and VMware vcenter integration ?

0 Kudos
9 Replies
the_rock
Legend
Legend

Would you mind post a screenshot of the object (just blur out the IP)? I want to try it in my R81.10 lab.

 

Andy

0 Kudos
Wolfgang
Authority
Authority

You can see a part of the rule on the top of my screenshot with the object as destination. The object will be imported from the defined datacenter object. You‘ll need a VMware vcenter for replication.

Switching back to R80.30 or R80.40 let us run the policy verification without problems.

the_rock
Legend
Legend

Definitely seems like an issue, I got exact same thing. Maybe someone from CP will respond and confirm this.

0 Kudos
Wolfgang
Authority
Authority

Very strange…….

Policy install is possible and everything is working fine, only policy verification fails. This should be fixed.

the_rock
Legend
Legend

Yes, correct! I forgot to mention yesterday that policy did work for me as well. I even rebooted both mgmt/fw, but same behavior.

0 Kudos
Lori_Spoznik
Employee
Employee

Hi @Wolfgang 

This is a known issue and will be fixed in the next R81.10 JHF, you can follow this sk175186 

As you mentioned this issue is related just to policy verification and install policy succeeded. 

Thanks,

Lori Spoznik

QA TL,  CloudGuard IaaS

 

 

 

0 Kudos
M_Ruszkowski
Collaborator

Not all limitations are fixed.  We are using mplane separation feature and this broke vcenter integration.  

0 Kudos
Gil_Sudai
Employee
Employee

We added support for mdps feature in the CloudGuard Controller starting with R81.10 jumbo take 79 (need to be installed on the management server). Is that what you are referring here to?

0 Kudos
M_Ruszkowski
Collaborator

That fix only resolves one issue.  It detects if you are running mplane and pushed the file that contains the datacenter objects to /etc/fw/tmp.    The issue is still that CPRID runs on mplane and there is a disconnect between the file and PDP.   If i move CPRID to dplane then I break CDT.  Also the CPRID process doesnt understand that the cluster object IP is defined in the dplane.   

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events