Doeschi
Contributor

R81.20 Gateways with CME not supported?

Hi all,

We tried to deploy some new R81.20 gateways in a GWLB setup and failed with the CME setup. We've got the following setup:

Version of the MDS Server:

CheckPoint R81.10 JHF 66

autoprov_cfg -v
CME Version: Build: 991592204 Take: 222

parts of: autoprov_cfg show all
controllers:
  "aws_island":
    access-key: xxxxxxxxxxxxxxxxxxxxxxx
    class: AWS
    regions:
      - eu-central-1
      - eu-south-1
    secret-key: "__protected__autoprovision/controllers/xxxxxxxxxxxxxxxxxx/secret-key"
    sync:
      gateway: true
    templates:
      - "aws_island_R8040"
      - "aws_island_R8120"

templates:
  "aws_island_R8120":
    application-control: true
    health-check-ip-range: "10.123.0.0,10.123.255.255"
    identity-awareness: true
    ips: true
    one-time-password: "__protected__autoprovision/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/one-time-password"
    policy: "AWS_Integration"
    send-alerts-to-server: fwlogxxxxxxxxxxxx
    send-logs-to-server: fwlogxxxxxxxxxxxxxx
    url-filtering: true
    version: "R81.20"

----------------------------

cme.log shows:

2023-01-24 15:30:56,437 CME_SERVICE INFO aws_island--i-000bbdec1f6babbd2--eu-central-1 state is changed to: ADDING
2023-01-24 15:30:56,469 CME_SERVICE ERROR Failed to provision the Security Gateway instance aws_island--i-000bbdec1f6babbd2--eu-central-1.
Error details: Management API failure (add-simple-gateway)..
2023-01-24 15:30:56,480 CME_SERVICE ERROR Error traceback: Traceback (most recent call last):
  File "/opt/CPcme/service/cme_service.py", line 536, in sync
    instance, gw, auto_hf)
  File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 1755, in set_gateway
    args = self.establish_gateway(instance, gw)
  File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 198, in establish_gateway
    simple_gateway=simple_gateway)
  File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 244, in configure_gateway_metadata
    remove_if_ip_exists_in_cpm=True)
  File "/opt/CPcme/cp_handlers/mgmt_autoprovision_handler.py", line 286, in add_gateway_to_cpm
    self.management(CPMCommand.ADD_SIMPLE_GATEWAY, gw)
  File "/opt/CPcme/cp_handlers/mgmt_handler.py", line 177, in __call__
    silent=silent)
  File "/opt/CPcme/cp_handlers/mgmt_api_handler.py", line 126, in __call__
    CMEExceptionCodes.MGMT_API, command=command)
cme_exceptions.cme_exceptions.ManagementApiException: Error Code: Management API error

API call failed with command: add-simple-gateway
Payload: {'name': 'aws_island--i-000bbdec1f6babbd2--eu-central-1', 'ip-address': '10.123.242.12', 'interfaces': [{'name': 'eth0', 'ipv4-address': '10.123.242.12', 'ipv4-mask-length': 28, 'anti-spoofing': False, 'topology': 'internal'}],
*****, 'version': 'R81.20', 'comments': '{tags=managed-virtual-gateway}'}
Error details: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [version]. The invalid value [R81.20] should be replaced by one of the following values: [R75.40 and above]'}

While R81.10 seems to work as version string, R81.20 does not ;-). Any ideas?


Accepted Solutions
natanelm
Employee

Hi @Doeschi,

Please see Jumbo Hotfix Accumulator for R81.10.

JHF take 82 note: Added ability for R81.10 Security Management and Multi-Domain Security Management Server to manage R81.20 Security Gateways. It requires R81.10 SmartConsole Build 412 (or higher).

You mentioned that your MDS version is R81.10 JHF 66, so you probably need to install JHF take 82 or higher.

Thanks,
Natanel
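
A triage sketch for the failure shown in the question, added here as an example and not part of the original thread or of Check Point's CME code: it groups failed provisioning attempts in cme.log by the API command, parameter and value the management server rejected. The function name `summarize_rejections` and the instance IDs in the sample are constructed; the line shapes follow the excerpt quoted in the question.

```python
import ast
import re
from collections import defaultdict

# Constructed sample, shaped like the cme.log excerpt in the question
# (instance IDs are made up; traceback and Payload lines are omitted).
SAMPLE_LOG = """\
2023-01-24 15:30:56,437 CME_SERVICE INFO ctrl--i-0aaa--eu-central-1 state is changed to: ADDING
2023-01-24 15:30:56,469 CME_SERVICE ERROR Failed to provision the Security Gateway instance ctrl--i-0aaa--eu-central-1.
Error details: Management API failure (add-simple-gateway)..
API call failed with command: add-simple-gateway
Error details: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [version]. The invalid value [R81.20] should be replaced by one of the following values: [R75.40 and above]'}
2023-01-24 15:31:26,101 CME_SERVICE ERROR Failed to provision the Security Gateway instance ctrl--i-0bbb--eu-south-1.
API call failed with command: add-simple-gateway
Error details: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [version]. The invalid value [R81.20] should be replaced by one of the following values: [R75.40 and above]'}
"""

FAILED = re.compile(r"ERROR Failed to provision the Security Gateway instance (\S+?)\.?$")
COMMAND = re.compile(r"^API call failed with command: (\S+)")
DETAILS = re.compile(r"^Error details: (\{.*\})\s*$")
INVALID = re.compile(r"Invalid parameter for \[([^\]]+)\]\. The invalid value \[([^\]]+)\]")

def summarize_rejections(log_text):
    """Group failed provisioning attempts by (API command, parameter, rejected value)."""
    groups = defaultdict(set)
    instance = command = None
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            instance, command = m.group(1), None   # start of a new failure record
        elif m := COMMAND.match(line):
            command = m.group(1)
        elif (m := DETAILS.match(line)) and instance:
            try:
                details = ast.literal_eval(m.group(1))  # logged as a Python dict repr
            except (ValueError, SyntaxError):
                continue                                # masked or truncated line: skip it
            hit = INVALID.search(details.get("message", "")) if isinstance(details, dict) else None
            if hit and details.get("code") == "generic_err_invalid_parameter":
                groups[(command, hit.group(1), hit.group(2))].add(instance)
            instance = None                             # record closed
    return {key: sorted(ids) for key, ids in groups.items()}

if __name__ == "__main__":
    for (cmd, param, value), ids in summarize_rejections(SAMPLE_LOG).items():
        print(f"{cmd}: management rejected {param}={value!r} for {len(ids)} instance(s): {', '.join(ids)}")
```

Every instance that lands under the same `version` key is failing for the same reason, which points at the management server rather than at the individual gateways.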

Doeschi
Contributor

Thanks, must have missed that... will give it a try, upgrading our mds isn't a small task tho 😅

Amir_Senn
Employee

We started supporting CPUSE upgrade for MDS/MGMT in AWS.

Try with this:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Kind regards, Amir Senn