Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
thanhlb
Explorer

How to get rid of VSX configuration remaining on a Gateway R80.10

Hi everyone

When I delete a VSX gateway from SmartConsole but in that gateway I still see the configuration of VSX like this:

GW-02:0> fw vsx stat
VSX Gateway Status
==================
Name: GW-02
Access Control Policy: Standard
Installed at: 8May2020 7:40:41
Threat Prevention Policy: <No Policy>
SIC Status: Trust

Number of Virtual Systems allowed by license: 25
Virtual Systems [active / configured]: 0 / 0
Virtual Routers and Switches [active / configured]: 0 / 0
Total connections [current / limit]: 16 / 14900
GW-02:0>

in the booting process still has some error

Installing Security Policy Standard on all.all@GW-02
Fetching Security Policy from localhost succeeded

Fetching VSX Configuration From: 192.168.1.10

Reason: Authentication error [ SIC error no. 147 ] check that peer SIC is configured properly and that system date and time on the Module and peer are sync.

Couldn't fetch VSX configuration by IPs, trying to fetch by names
Fetching VSX Configuration From: CP-MGMT

Reason: Authentication error [ SIC error no. 147 ] check that peer SIC is configured properly and that system date and time on the Module and peer are sync.
Local VSX Configuration is Up-To-Date.
Cleaning un-used Virtual Systems entries (local.vskeep).

Purge operation succeeded.
Fetching Virtual Systems configuration file (local.vsall).

Virtual Systems configuration file installed successfully

...............................................
VSX Configuration fetch from management failed.
Fetching local VSX configuration.
...............................................
Cleaning un-used Virtual Systems entries (local.vskeep)
Fetching Virtual Systems configuration file (local.vskeep).
Purge operation succeeded.
Fetching Virtual Systems configuration file (local.vsall)
This NCS file was already parsed in the past, no need to commit it again
Sending VSX initialization message.
VSX initialization operation succeeded.

Loading Resource Control configuration from $FWDIR/conf/resctrl
Resource Control Monitor is disabled

Resource Control monitoring configuration successfully read.

Configuring QoS

Fetching FW1 Security Policy From: 192.168.1.10

Reason: Authentication error [ SIC error no. 147 ] check that peer SIC is configured properly and that system date and time on the Module and peer are sync.
Policy Fetch Failed
Failed to fetch policy from masters in masters file

So how can I clean all of VSX configuration remaining on that gateway?

Or is there any method to remove VSX gateway except from SmartConsole?

0 Kudos
5 Replies
_Val_
Admin
Admin

You need to reset to factory default or re-image the box

Kaspars_Zibarts
Employee Employee
Employee

Did you run reset_gw command, ideally from console? That should do the trick

_Val_
Admin
Admin

@Kaspars_Zibarts , you are right, with some limitations though.

Quoting from sk101690

'reset_gw' is a utility that wipes out all VSX configurations. However, it does not revert the VSX machine to its initial state (i.e., clean installation).

It is always best to re-install or revert to the original image.

 

HeikoAnkenbrand
Champion Champion
Champion

Hi @thanhlb,

CUT>>>

Reason: Authentication error [ SIC error no. 147 ] check that peer SIC is configured properly and that system date and time on the Module and peer are sync.
<<<CUT

1) Check the date and time (SIC error 147:-) on vsx gateway and management.

2) If that does not help reconfigure the VSX gateway:

On the gateway:

# reset_gw

# cpconfig

    > SIC reset + new SIC pw

On SMS or MDS:

# vsx_util reconfigure -s <MDS/SMS IP> -u <admin>

    > VSX Cluster

    > VSX GW

    > new SIC 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
thanhlb
Explorer

dear all

after trying several ways like you guy said, it didn't work out except factory reset 🙂

thank you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events