Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
FelipeTropeia
Participant

1490 SMB appliance VPN blade using central mgmt

Hi All,

I'm trying to create a VPN Client (Capsule VPN for ios and android) on one of our 1490 SMB appliances running at R77.20.87 build 004 but the VPN blade is not active.
I have seen on mgmt server is activated and configurable but on the gateway I haven´t seen anything related to VPN.

There are some output logs below:

[Expert@Test]# vpn_configload -d
[ 32516 1737437184]@Test[3 Apr 11:06:01] cp_do_get_ipaddrs: The size needed is [160]
[ 32516 1737437184]@Test[3 Apr 11:06:01] get_CK_for_MAC_based_license_imp: features_str=[CPAP-AP1490 ENF-APP CPSB-FW CPSB-VPN CPSB-SSLVPN-200 CPSB-IA CPSB-ADNC CPSB-ADNC-M CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM]
[ 32516 1737437184]@Test[3 Apr 11:06:01] get_CK_for_MAC_based_license_imp: has valid MAC address syntax
[ 32516 1737437184]@Test[3 Apr 11:06:01] licdb_add_license: License was recognized as MAC based license
[ 32516 1737437184]@Test[3 Apr 11:06:01] fwa_set_sfw_installing_local_policy: Setting fwa_db_installing_local_policy to 1.
[ 32516 1737437184]@Test[3 Apr 11:06:01] fwa_set_sfw_convert_local_cfg to TRUE
[ 32516 1737437184]@Test[3 Apr 11:06:01] fwa_set_sfw_convert_local_cfg: Setting fwa_db_convert_local_cfg to 1.
Error: Not in local management mode
Unable to configure appliance:
Internal error.
[Expert@Test]#

 

[Expert@Test]# grep 1 /opt/fw1/conf/active_blades.txt |  awk '{print $1,$3}'

FW

IPS

AV 2

URLF

IA

APCL

AB

[Expert@Test]#

 

Anyone with the same problem or any suggestions?

0 Kudos
7 Replies
G_W_Albrecht
Legend Legend
Legend

I would look into Embedded GAiA WebGUI Dashboard to enable VPN...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
FelipeTropeia
Participant

Hi @G_W_Albrecht 

There is no way to switch from off to on using the webui. I believe somethings is going on when we use SMB appliance in central mgmt. For testing purposes, I have another SMB appliance locally and its possible to see VPN blade enabled. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

But it shows the VPN blade, disabled ? I would try to install last current firmware using USB and the issue should be resolved...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
FelipeTropeia
Participant

Unfortunately we don´t have remote hands due to covid-19 in our datacentre. In embedded gaia -> Security dashboard-> Remote Access and Site to Site VPN blades are off and there is no way to turn it on.
0 Kudos
PhoneBoy
Admin
Admin

In a centrally-managed SMB configuration, all relevant configuration for VPN is done on central management.
Nothing is configured on the WebUI of the SMB device.
When you push the relevant configuration from Central management, the blades will show as active.
0 Kudos
FelipeTropeia
Participant

Hi @PhoneBoy 

I configured everything on the management server that presents the gateway object as a VPN ticked and all options to be configured, but on the gateway it does not activate the VPN blade.

0 Kudos
HristoGrigorov

Check /var/log/log/sfwd.elg. It is possible that policy was not installed at all.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events