Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
smismi
Explorer
Jump to solution

During upgrade from 80.40 to R81.10 with MVC on Cluster XL gateway ssh is not possible

We followed the upgrade guide and after installing standby gw to R81,10, after reboot ssh was not possible any more. 

Action plan:

  1. In SmartConsole

    , change the cluster object version to R81.10.

  2. On the Cluster Member

     M3:

    1. Upgrade to R81.10

      Note - If you perform a Clean Install

       of R81.10, then you must establish SIC

       in SmartConsole with this Cluster Member

    2. Enable the MVC

Message was 

[Expert@n.n.n.n]# ssh n.n.n.n

This system is for authorized use only.

admin@n.n.n.n: Permission denied (publickey).

 

Before upgrade login with user passwort was possible and we do not use key auth. 

Only way to connect to 81,10 GW was via smart console, actions  , "open shell" and enable MVC this way.

Is this expected behaviour?

The installation was done on a test system and for production we need to know if smart console is the only way to enable MVC or should ssh working.

 

Serial console is not available in this scenario.

 

Thanks for help in advance.

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

When you do a version upgrade, the system will not have a valid policy until a new one compiled against the target version is pushed from SmartConsole.
That will definitely break SSH (among other things).

View solution in original post

0 Kudos
7 Replies
G_W_Albrecht
Legend
Legend

Which Jumbo Take is installed ? Recommended Take  is 95.

CCSE CCTE CCSM SMB Specialist
0 Kudos
smismi
Explorer

Installed was JHF192 or higher. 

0 Kudos
just13pro
Collaborator

JHF 192 is mostly like version R80.40.

Cause R81.10 currently only in take 95.

0 Kudos
Bob_Zimmerman
Authority
Authority

This can happen if you're connecting through the firewall to some other interface on the standby member. Unless you're running VSX, Check Point firewalls put all interfaces into a single routing table, so they don't really have a "management interface". You should always SSH to the closest interface to you from a routing perspective.

the_rock
Legend
Legend

Can you see if you can ssh from the other member to this one? ssh admin@x.x.x.x

Andy

0 Kudos
PhoneBoy
Admin
Admin

When you do a version upgrade, the system will not have a valid policy until a new one compiled against the target version is pushed from SmartConsole.
That will definitely break SSH (among other things).

0 Kudos
the_rock
Legend
Legend

I dont ever recall losing ssh access when doing cluster upgrade (had done many of them), though I could be mistaken when I say this, but Im pretty positive that even with initial policy loaded, ssh still works, just defaultfilter would block it.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events