Hello,
I'm facing an issue where two hosts configured in a ClusterXL setup are not visible in the Object Explorer. I need to reference these hosts in a policy, so I tried to create host objects for them. However, I received an error message indicating that the objects already exist (as shown in the attached screenshot).
Despite this, I'm unable to see these objects in the Object Explorer.
Environment:
Issue:
Two hosts configured in ClusterXL are not visible in the Object Explorer.
Attempting to create host objects results in an error stating the objects already exist.
ClusterXL appears to be functioning normally.
Smart-1 host alert is only about the trial license expiring.
Hosts are not visible in "Gateways and Servers" or any other category after searching.
Error message displayed when attempting to manually create host objects.
Any assistance would be greatly appreciated.
Thank you.
Please show where the hosts have been created and for what reason!
I thought that when creating a cluster, the objects of the cluster members would be created automatically.
I did not create the host manually.
Before creating the cluster, I imported objects using the API (ExportImportPolicyPackage-master), but the host in question was not created.
They are NOT created automatically. You need to add them manually from SmartConsole. As far as the Smart-1 mgmt server, it's expected it does not show up, I confirmed that with R&D a while ago and I'm sure it has not changed, at least not in R81.20.
Andy
I see, they are not created automatically.
In that case, was it necessary to create the host as "Gateways and Servers" before creating the cluster with the wizard?
If I create the host in the current state, I think it will be registered as a normal host.
Also, it seems that a duplicate error occurs at the time of creation, but is it okay to ignore this?
Hi @IGSSV
Did you try database install? Just to be sure.
A cpstop;cpstart is not an exact solution, but can help. 🙂
Run $MDS_FWDIR/scripts/run_cpmdoc.sh, maybe this points out something. Let's see what it shows.
Akos
Version: R81.20
Hot Fixes:
FW1:
HOTFIX_VCE_R81_20_AUTOUPDATE
HOTFIX_NGM_DOCTOR_AUTOUPDATE
HOTFIX_WEBCONSOLE_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_GOT_TPCONF_MGMT_AUTOUPDATE
MGMT:
NO HOTFIXES..
Setup: Security Management Server
Machine's name: XXXXXXXX
Type: Primary
Date: Tue Aug 27 00:11:54 JST 2024
Running mode: REGULAR
OK: 153 Tests, Error: 1 Tests, Warning: 2 Tests, Info: 43 Tests
The following are tests with Alert or higher:
- Missing IpsUpdateInspectFileList
- HTTPSi Rules Exist In Legacy HTTPSi Policy Check
- Java Xmx Check
Hi @IGSSV
q: What kind of operation is database installation? Is it different from policy installation?
a: Yes, you can find it in the main menu in the top left corner of SmartConsole. It is related to SmartCenter and log servers.
I prefer manual cluster creation to the Wizard. As I see, the guys gave the solution for you. 🙂
Akos
Thank you for your reply.
I tried the database installation, but the situation did not change.
Is it possible that this is happening because the VM has low allocated resources in the test environment?
Virtual Memory: 8GB
Virtual CPU: 2 cores
Think of it this way...installing the database is sort of like pushing policy to the mgmt server (if that's even the right way to put it), but it's more if you ever create a new admin in SmartConsole or something changes in GuiDBedit, I always install database, it simply "refreshes" the mgmt database, that's all. You can do that literally any time.
Andy
I understand. Thank you for the clear explanation!
No problem!
I suspect the solution will be similar to: https://support.checkpoint.com/results/sk/sk126872
Funny you mentioned that sk, as it did come to my mind, since I used it before, but only for groups related to anti-spoofing, nothing else. Not sure it may apply in this scenario, but definitely worth a try.
Andy
Thank you.
Based on the SK you provided, I was able to find the relevant Security Gateway as a Network Object.
However, there was no cdm_auto_calculated item as mentioned in the SK, so I couldn't do anything further. It seems that the object does exist.
From my lab below (cluster object and cluster members). Can you send what you see in your setup? (just blur out sensitive info).
Btw, what options do you see when you single click on the cluster member object? (bottom pane)?
Thank you for your reply.
I will include a screenshot below.
It seems that there are also member objects, just like in your lab environment.
The contents were like this.
Why are you trying to make a host object with the same name as a cluster member object? Just use the cluster in the policy.
I'm trying to write rules for Mgmt for SSH and SNMP, and some PBR.
You can just use the cluster object for this, it includes the cluster members and their interface IPs.
For some reason, when I checked Smart-1 this morning, the object in question appeared. It doesn't show up in the Object Browser, but it is now visible in the Src/Dst selection when registering policies.
I tried installing the database three times as you suggested, the_rock, but I haven't made any other configuration changes.
Thank you for your prompt response.
Well, installing database probably won't make the object appear out of the blue in the object list, but I really find it odd that you saw them in GuiDBedit, but not in SmartConsole. I never had that happen either in the lab or with any customer and I helped hundreds. Either way, the sk Phoneboy gave is definitely a great reference, but as I mentioned, personally, I ONLY used it for the anti-spoofing groups issue not being visible, never for the fw object itself.
Andy
This is completely puzzling, but this is the situation now. (See attached image)
There are no issues with policy configuration, so I plan to proceed as is.
Thank you!
The Security Gateways are still not appearing in the Object Browser.
However, the Security Gateways are visible when selecting from the "+" option in the source or destination fields during policy creation.
I will double check my lab tomorrow and update.
Andy
Wow, I can't believe I NEVER noticed this before, but in my 17 years being around CP, I always assumed cluster members were there in Object Explorer, but that's apparently NOT the case. I just checked 2 R81.20 labs and they are definitely not present, though you can add them as part of the rules.
Guess @IGSSV, as they say, learn something new every day :-)
I never had a customer bring this up, but if anyone ever does, I won't have to wonder.
Andy