Wednesday, May 8, 2013
VSX provisioning bypass trick does not seem to work on R75.40VS MGMT
WRONG, THIS WORKS. PLEASE SEE MY NEXT POST
I am doing lab trials for all kinds of management and enforcement side upgrades for my customers, especially for ones using VSX and MDM. As part of the MGMT sanity checklist, there are VSX provisioning checks to be sure there is no corruption of VSX objects and topology scripts.
Before R75.40VS there was a way to bypass actual connections to VSX clusters in case you are checking the MGMT side only.
To do so, one would put the following set of debug commands in the Main CMA context on the MDS machine:
fw debug fwm on TDERROR_ALL_VSXM_DBG_SKIP_PING=INFO
fw debug fwm on TDERROR_ALL_VSXM_DBG_SKIP_INSTALL=INFO
fw debug fwm on TDERROR_ALL_VSXM_DBG_SKIP_PULL_SIC=INFO
Once done, you could simulate topology changes for Virtual Systems to be sure scripts are properly handled. MGMT would generate a script without trying to connect to VSX cluster members and/or executing it on VSX cluster members.
Well, not anymore. With R75.40VS this trick no longer works. It is even more interesting because it seems Check Point specialists are not aware of that. I have asked around and even opened a support call to get an answer.
I will keep you posted about the outcome.