Hello,
Why don't the newest Smart-1 appliances have LOM available, despite the fact that there is a LOM interface on the appliance?
For example, the Smart-1 625 appliance:
What does "For future use - currently not supported" mean? Can we expect this will be allowed by a newer Take, or a new version?
LOM was available for almost all older Smart-1 appliances (25, 25B, 50, 150, 225, 3050, 3150).
A LOM port is available on the following Smart-1 appliances, but is not working at all:
Smart-1 525
Smart-1 5050
Smart-1 5150
Smart-1 625
Yeah, we have the same issue on our Smart-1 5050 appliances. It would make me feel a lot better doing a fresh install on my appliances if LOM was working. Hopefully Check Point will have this feature working in the near future.
We have an HA pair of Smart-1 5050 appliances and have been waiting for the LOM feature to be enabled since we purchased them. To me, the LOM is more important on the management appliances than on my gateways, especially when doing a fresh install. Hopefully Check Point will have this working in the near future.
Check Point has just removed the LOM checkmark for Smart-1 625 appliances from their Smart-1 Datasheet. I wonder why they didn't remove the checkmark for their other Smart-1 appliances as well, as these do not have LOM support either (see Known Limitations).
Check Point's newest Smart-1 appliances are DELL Open Servers as mentioned by Check Point. I guess this is why all LOM commands built into the Gaia clish are not working: these are built to run with Check Point LOMs only. iDRAC support is described here. On Smart-1 appliances LOM is called iDRAC (integrated DELL Remote Access Controller). Luckily you can still use ipmitool in expert mode to talk to the LOM and check that fans, temperature, voltage and everything is ok. I created a SmartConsole Extension - LOM Info to make LOM checks within SmartConsole really easy. 😊
AFAIK, there are certain concerns with iDRAC implementation on these servers. Although there are plans to support iDRAC in the future, we are still working on addressing those concerns from our side. LOM support will eventually come, when we are confident that all issues are addressed and do not present security and/or stability risks. However, the process does not only reside in Check Point, other parties are involved.
If you have a strong case of necessity to use LOM for your SMART-1, you can address this with your local Check Point office.
I had the same issue here.
When escalating this with your local Check Point team someone from R&D will enable LOM for usage,
but this will happen with a disclaimer. You are responsible for all potential risks coming with activation.
Hi,
I am glad to say that enabling and updating iDRAC FW is now available, more info in sk122914, relevant documentation will be modified as well.
Regards,
Dolev
Hi Dolev,
Thank you for the great info.
Did I get it correct that the current LOM (iDRAC) solution for Smart-1 appliances is a kind of "iDRAC/LOM EA"? I am referring to the EULA disclaimer while setting the User.
In R80.30, for Smart-1 5050/5150, we need to install JHF Take 217. I didn't find anything related to LOM/iDRAC for Take 217 within Resolved issues.
Can we expect that the firmware upgrade of iDRAC will be part of a future R80.x Jumbo?
When is the plan to release "official" support with all the features (without security risks)?
Thank you.
The code for iDRAC has been there for some time but not publicized, thus the comment about the relevant documentation needing to be updated.
Just to let you know, there is no explanation on how to upload the firmware.
Hi,
The update is done using CPUSE packages, there is a line in the SK with reference to relevant SK.
"For instructions on how to download the relevant CPUSE package, refer to sk92449 - Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent"
Regards,
Dolev
Is there a way to create an admin user? The SetiDRACUser command seems to only create an operator account, which does not allow the option System Setting > System Update.
I don't have access to the host system yet so cannot copy files to the host and then use cpuse command.
Hi,
We are only allowing an operator user, as mentioned in the known limitations under sk122914: "Access to iDRAC is available only with restricted operator user"
Regards,
Dolev