This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ramakrishnan
Contributor
‎2023-05-02 06:55 AM

add interface on VSX in MDM/CMA environment

Hello All, 

How to add interface/VLAN[Bond interface] in Checkpoint VSX cluster. I am working in a environment where we keep separate domain for VSX-Management and we are running VSX cluster in different domain; 

In the Checkpoint CLI reference guide  80.40 [page no 1545] saying 

Important - On a Multi-Domain Security Management Server, you must switch to the context of the MainDomain Management Server that manages the VSX Gateway / VSX Cluster object. Use the command "mdsenv " 

Since we are using two different domain for VSX management separately and VS gateway cluster separately

So where we want to create under VSX-Management domain server or VSX Cluster domain server or directly on gateway..?

vsx_provisioning_tool-s localhost -u admin -p mypassword -o add interface vd nprd-vsx name bond1.6 ip 192.16.99.1/25

I can create interfaces directly from smartconsole on VSX gateway object under topology , as we want to create 64 interfaces its really time consuming. Kindly help me. 

If we have I login to MDS and select VSX-Management CMA, how this command will let CMA know which cluster should create interface? Also what does it meant localhost?

0 Kudos
3 Replies
ramakrishnan
Contributor
‎2023-05-03 12:12 AM

mdsenv VSX-Management

vsx_provisioning_tool -s localhost -u admin -p mypassword -o add vd name VS1 vsx VSXCluster1, add interface name eth4.100 ip 1.1.1.1/24

So need to set mdsenv to VSX-Management in the call out the cluster name npd-vsx name bond1.6 192.16.1.99/25

Is that right way to do it...?

0 Kudos
_Val_
Admin
Admin
‎2023-05-03 06:58 AM

It depends. If you need to introduce a new cluster physical interface or a bond, you first do it on your Main Domain, one managing physical VSX cluster object.

If you want to configure a VLAN or add a physical interface already configured on VSX level, to one of the VSs, go to a Target Domain (one managing this VS).

0 Kudos
ramakrishnan
Contributor
‎2023-05-03 07:23 AM
In response to _Val_

Physical interfaces created already and bond also created. I'd like to add VLAN interfaces. 

But when I run target CMA [Actual VS sitting] run the vsx_util show_interfaces command throwing error 

So this can be understand that command only to show VSX interfaces. And now I can directly run vsx_provisioning_tool on target CMA[where actual VSX created] Is that correct?

I have check run this target CMA seeing soem responses, so am i good to execute it?

Note that as said below bond 1 interfaces created already, I am going to add only additional VLANs like 16, 17..18.. etc on same bond1.

vsx_provisioning_tool -s localhost -o show vd name nprd_vsx

[Output is..]

# VS nprd_vsx - interfaces:

add interface vd nprd_vsx_1 name bond1.14 ip 192.168.1.1/29

 

add interface vd nprd_vsx name bond1.15 ip 192.1682.1/29

Also is there any install policy is required? 

No VSX objects/clusters exists in this context.

Please make sure that VSX objects/clusters are installed in this machine and

you entered the Security Management Server/main Domain Management Server IP address.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events