This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
smismi
Explorer
‎2023-05-31 06:32 AM
Jump to solution

During upgrade from 80.40 to R81.10 with MVC on Cluster XL gateway ssh is not possible

We followed the upgrade guide and after installing standby gw to R81,10, after reboot ssh was not possible any more. 

Action plan:

  1. In SmartConsole

    , change the cluster object version to R81.10.

  2. On the Cluster Member

     M3:

    1. Upgrade to R81.10

      Note - If you perform a Clean Install

       of R81.10, then you must establish SIC

       in SmartConsole with this Cluster Member

    2. Enable the MVC

Message was 

[Expert@n.n.n.n]# ssh n.n.n.n

This system is for authorized use only.

admin@n.n.n.n: Permission denied (publickey).

 

Before upgrade login with user passwort was possible and we do not use key auth. 

Only way to connect to 81,10 GW was via smart console, actions  , "open shell" and enable MVC this way.

Is this expected behaviour?

The installation was done on a test system and for production we need to know if smart console is the only way to enable MVC or should ssh working.

 

Serial console is not available in this scenario.

 

Thanks for help in advance.

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-05-31 05:38 PM
Jump to solution

When you do a version upgrade, the system will not have a valid policy until a new one compiled against the target version is pushed from SmartConsole.
That will definitely break SSH (among other things).

View solution in original post

0 Kudos
7 Replies
G_W_Albrecht
Legend Legend
Legend
‎2023-05-31 06:43 AM
Jump to solution

Which Jumbo Take is installed ? Recommended Take  is 95.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
smismi
Explorer
‎2023-05-31 07:32 AM
In response to G_W_Albrecht
Jump to solution

Installed was JHF192 or higher. 

0 Kudos
just13pro
Collaborator
‎2023-05-31 06:38 PM
In response to smismi
Jump to solution

JHF 192 is mostly like version R80.40.

Cause R81.10 currently only in take 95.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-05-31 07:56 AM
Jump to solution

This can happen if you're connecting through the firewall to some other interface on the standby member. Unless you're running VSX, Check Point firewalls put all interfaces into a single routing table, so they don't really have a "management interface". You should always SSH to the closest interface to you from a routing perspective.

the_rock
Legend
Legend
‎2023-05-31 08:08 AM
Jump to solution

Can you see if you can ssh from the other member to this one? ssh admin@x.x.x.x

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-31 05:38 PM
Jump to solution

When you do a version upgrade, the system will not have a valid policy until a new one compiled against the target version is pushed from SmartConsole.
That will definitely break SSH (among other things).

0 Kudos
the_rock
Legend
Legend
‎2023-06-01 04:22 AM
In response to PhoneBoy
Jump to solution

I dont ever recall losing ssh access when doing cluster upgrade (had done many of them), though I could be mistaken when I say this, but Im pretty positive that even with initial policy loaded, ssh still works, just defaultfilter would block it.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events