smartfixes
Explorer

Policy error while adding VSX gateway to SmartConsole

Hi everyone, I am trying to set up a VSX gateway in a lab, and while adding the VSX gateway I get this error:

Installing default Policy 'vsx_gw_VSX' on vsx_gw...

Layer : vsx_gw_VSX Network : There is only one interface defined for object gateway. At least one more interface must be configured for this object in order to use the Anti-Spoofing feature.
Policy verification failed.
Failed to install default policy vsx_gw_VSX on vsx_gw

Installing VSX default policy operation has finished with errors.
This could have happen due to time-out while installing security policy.
Check the modules to see if security policy is installed. if so discard
this error message.
If policy is not installed make sure that the failed Virtual System/Router
is accessible from the management server, and that you have a valid license.
Try to install security policy manually from the SmartDashboard.
If the problem persists contact Check Point Technical Support.

Operation has failed.

SIC trust established

I have multiple interfaces with IPs configured on them.

VSX mode is enabled.

How can I fix this?

0 Kudos
5 Replies
Martijn
Advisor

Hi,

Are you trying to create a legacy VSX Gateway or a VSNext Gateway? Which version are you using?

Do not configure multiple IP addresses on a gateway you are going to use as a Legacy VSX Gateway. IP addresses are configured from SmartConsole. One IP for management is enough to connect to the SmartCenter.

Are Implied Rules disabled? If Implied Rules are disabled the first policy install will fail because control connections are lost.

Regards,
Martijn
0 Kudos
smartfixes
Explorer

I am using R81.20. I have even tried it with just management interface. 

0 Kudos
AkosBakos
MVP Silver

Hi!

What is under the Topology section by the interfaces? (Internal, External, etc.)

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
smartfixes
Explorer

It won't get to that point to check topology. It gives the error while adding it the first time.

0 Kudos
the_rock
MVP Platinum

To me, the below pretty much explains why this fails. How many interfaces do you have configured? It appears it's only one, in which case you can NOT use anti-spoofing. More or less, that's how it works even on regular gateways, say if you have one interface + sync.

error:

Layer : vsx_gw_VSX Network : There is only one interface defined for object gateway. At least one more interface must be configured for this object in order to use the Anti-Spoofing feature.
Policy verification failed.
Failed to install default policy vsx_gw_VSX on vsx_gw

Best,
Andy
0 Kudos
