This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ibrown
Participant
‎2023-11-21 08:55 AM
Jump to solution

Can you upgrade to VSX ?

Hello All,

I've never used VSX before, but have used ClusterXL. I've been tasked with bringing up a VSX cluster as we are consolidating licenses, and currently we are running physical open server installs of Gaia as a ClusterXL pair. Is there a way to convert this to VSX or is it solely from a clean install ?

 

I looked in the docs and the KB and either no-one has ever asked, or it's such a ridiculous question it does not need to be asked.

If the answer is no, I will have to find some new hardware.

Many thanks

Ian

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2023-11-21 12:33 PM
Jump to solution

@ibrown I recommend to start from scratch. We tried something similar and this ends up in a nightmare and endless debug sessions with TAC. After some discussions and a good migration plan we configured the VSX clusters from scratch, migrate the firewall instance and everything was fine. Without new hardware you‘ll need a longer maintenance schedule, with new hardware you can switch really smooth and fast. Be aware of the limitations of VSX. Have a look VSX supported features and check with your existing environment.

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2023-11-21 09:29 AM
Jump to solution

The installation instructions suggest that this is configured from a scratch install of the gateway itself:
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui... 
You might be able to do a vsx_util reconfigure AFTER resetting SIC on the gateways and creating the relevant objects in SmartConsole (the VSX specific objects) to reattach the gateways as VSX.
However, I have not tested this theory and would recommend setting this up in a lab (can use VMs for this) to verify it works.

the_rock
Legend
Legend
‎2023-11-21 11:42 AM
Jump to solution

I agree with Phoneboy, but to be 100% sure, if you cant set this up in the lab, maybe get an official TAC confirmation. 

Kind regards,

Andy

0 Kudos
Magnus-Holmberg
Advisor
‎2023-11-21 12:31 PM
Jump to solution

Save yourself the trouble and do clean installation on new hardware.
Easiest way to justify this is that VSX will most likely requires somewhat diff physical design.
Small things like you need to have a VS0 and most likely u wanna have that on dedicated interfaces.
(maybe u wanna have a bit larger openservers aswell, when it comes to RAM, NICs)


https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
genisis__
Leader Leader
Leader
‎2023-11-21 12:37 PM
In response to Magnus-Holmberg
Jump to solution

Agree - stick to the tried and tested way, clean build, on new hardware ideally and ensure you plan, test in lab, and the deploy in live.

0 Kudos
Wolfgang
Authority
Authority
‎2023-11-21 12:33 PM
Jump to solution

@ibrown I recommend to start from scratch. We tried something similar and this ends up in a nightmare and endless debug sessions with TAC. After some discussions and a good migration plan we configured the VSX clusters from scratch, migrate the firewall instance and everything was fine. Without new hardware you‘ll need a longer maintenance schedule, with new hardware you can switch really smooth and fast. Be aware of the limitations of VSX. Have a look VSX supported features and check with your existing environment.

0 Kudos
ibrown
Participant
‎2023-11-22 08:29 AM
Jump to solution

Thanks all. Not what I wanted to hear... but there you are.

 

I will do a test in some VMs but I suspect I will be begging for hardware.

 

Many thanks

0 Kudos
the_rock
Legend
Legend
‎2023-11-22 09:24 AM
In response to ibrown
Jump to solution

I know it may take more time, but will save you headache at the end.

Cheers,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events