This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tkerbe
Participant
‎2024-01-10 10:32 AM
Jump to solution

Virtual OVA deployed 81.20 cannot login

Hello,

I work for a very large enterprise and we are in the process of deploying (2) virtual gateways for a PoC in our environment. Our build team has deployed the OVAs on ESXi using what our CheckPoint SE gave us (ivory_main-631-991001385-GW.ova)

Please keep in mind I am very new to CheckPoint appliances and CheckPoint products. This OVA was deployed and I am able to access the CLI via vSphere web console for both VMs. I was prompted with a simple screen that has a banner displaying;"This system is for authorized use only". I utilized admin / admin and it displays; "Login incorrect", on both VMs.

  • I have confirmed with my build team that they deployed the OVA as is and did not change any credentials in the process. Our SE has had us try a couple of different combos, with no luck.
  • Our SE is now deploying their own VM with the exact OVA to see if the same issue happens. 
  • These VMs are both configured with 192.168.1.1 so I cannot access the Gaia web UI.

Am I missing something crucial here? Seems like this should be a very simple step in the deployment. 

 

 

Labels
Preview file
308 KB
2 Solutions

Accepted Solutions
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-01-10 12:49 PM
Jump to solution

Were they built through a vCenter or directly on an ESXi host? The OVAs need you to set the password via the initial config on a vCenter, but that doesn't work directly on an ESXi host and you won't be able to log in.

You can always just download the ISO image, upload it to the ESXi host, and use it in a virtual optical drive to install the OS.

View solution in original post

(1)
tkerbe
Participant
‎2024-01-11 09:22 AM
Jump to solution

Thank you to everyone who replied. Our SE told us that they had initially sent us the incorrect OVA. Correct OVA was ivory_main-631-991001385_unsecured.ova

This had to do with the original OVA requiring a bunch of parameters to be configured when importing the OVA. If those aren't set initially there is no opportunity to set them later. So our internal build team just left all of this blank and that resulted in a VM that couldn't be configured.

I attached the screenshot of what should have been configured when importing the OVA into ESXi. 

View solution in original post

Preview file
108 KB
(1)
7 Replies
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-01-10 12:49 PM
Jump to solution

Were they built through a vCenter or directly on an ESXi host? The OVAs need you to set the password via the initial config on a vCenter, but that doesn't work directly on an ESXi host and you won't be able to log in.

You can always just download the ISO image, upload it to the ESXi host, and use it in a virtual optical drive to install the OS.

(1)
tkerbe
Participant
‎2024-01-11 09:23 AM
In response to Bob_Zimmerman
Jump to solution

This is exactly what happened. Our SE sent us the correct OVA that I put in one of my replies on this. Unfortunately since we have a separate build team I didn't get to deploy any of this myself or even see these parameters and the build team always leaves everything blank. 

Thank you for this reply though! I appreciate all of your help. 

the_rock
MVP Diamond
MVP Diamond
‎2024-01-10 07:23 PM
Jump to solution

So the screenshot you attached shows grub password, which is not even set initially. Is it possible someone may had entered different password when going through initial install?

Best,

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-01-11 08:41 AM
In response to the_rock
Jump to solution

I think you read that backwards. The message is complaining that the GRUB password hasn't been changed. R81.20 makes you set that in config_system or the first-time wizard, so those definitely haven't been completed. I don't recall if deploying the OVA through a vCenter gives you the option to change the GRUB password at the cloud-init level.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-01-11 09:09 AM
In response to Bob_Zimmerman
Jump to solution

I know thats what it said, but that does not appear to be related to the issue they have. I dont ever recall having to set grub password in R81.20, even in new install.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
_Val_
Admin
Admin
‎2024-01-11 12:09 AM
Jump to solution

Did you consider reaching out to the person provided you with the OVA?

0 Kudos
tkerbe
Participant
‎2024-01-11 09:22 AM
Jump to solution

Thank you to everyone who replied. Our SE told us that they had initially sent us the incorrect OVA. Correct OVA was ivory_main-631-991001385_unsecured.ova

This had to do with the original OVA requiring a bunch of parameters to be configured when importing the OVA. If those aren't set initially there is no opportunity to set them later. So our internal build team just left all of this blank and that resulted in a VM that couldn't be configured.

I attached the screenshot of what should have been configured when importing the OVA into ESXi. 

Preview file
108 KB
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events