Don Paterson

R80.20 M2 MDSM and VSX

Discussion created by Don Paterson on Jan 22, 2019
Latest reply on Jan 24, 2019 by Don Paterson

I am testing these in a virtual lab and this thread is partly to feed back on the experience but also on the messages that need updating (Tomer this is for you ;-) )

 

I used CPUSE to do a fresh install of R80.20 M2 on top of what was an R80.10 SMS (was a clean install or R80.10 in November 2017)

The 60GB virtual HDD brought about the first challenge after running the FTW (First Time Wizard) and making it an MDS. (Yes, I know the 60GB is a little less than the recommended 1TB drive). Also had 4 xeon cores and 16GB RAM.

I cannot change these right now and hope to get it working like it is.

 

The first issue was not being able to connect with SmartConsole (to the new MDS). I had to resize a partition:

lvextend -L +15G /dev/mapper/vg_splat-lv_current
lvdisplay
resize2fs /dev/vg_splat/lv_current
lvdisplay

.

.

--- Logical volume ---
LV Path /dev/vg_splat/lv_current

LV Size                26.00 GiB

.

.

 

I deleted the Snapshot that CPUSE automatically created before I extended the partition.

 

Just in case I also set the SmartConsole timeout to 10:00 minutes.

To do that I used SCConfigManager.exe. Personally I think that tool needs to be improved a bit so that it shows the current timeout or at least advises on the default and/or offers an option to set it back to the 1 minute default.

It also does not tell you to exit before the changes are save or if the SmartConsole needs to be restarted.

 

After getting into the MDS and creating the VSX_Admin domain I had issues with the VSX_Cluster object creation.

I am getting this and working on it:

 

==========================================

Installing default Policy - VSX_Cluster_VSX on VSX_Cluster...
Policy installation failed on gateway. There is no valid license for the security gateway. To view existing licenses and add new licenses, use SmartUpdate (see sk11054).( message from member A-GW-01 )
Policy installation failed on gateway. There is no valid license for the security gateway. To view existing licenses and add new licenses, use SmartUpdate (see sk11054).( message from member A-GW-02 )
Failed to install default policy VSX_Cluster_VSX on VSX_Cluster

Installing VSX default policy operation has finished with errors.
This could have happen due to time-out while installing security policy.
Check the modules to see if security policy is installed. if so discard
this error message.
If policy is not installed make sure that the failed Virtual System/Router
is accessible from the management server, and that you have a valid license.
Try to install security policy manually from the SmartDashboard.
If the problem persists contact Check Point Technical Support.

Operation has failed.

============================================

 

The bold text above highlights are areas that need review and/or update by R&D.

 

I cannot discard the VSX Operation Report (failed report) message without fixing the issue and I have already put 25 VS evals onto the GWs (local lics).

If I click Close and Cancel I am back to having to reset SIC on the R80.10 GWs (VMs - Also R80.10 clean install in Nov. 2017 (and unpatched). They have 30GB virtual drives (4 core and 4GB RAM) but for testing I am hoping this is not an issue.

 

 

 

Next I will disconnect all SmartConsoles and reset SIC and try again before considering creating and applying more eval licenses.

Will update the thread.

 

Don

Outcomes