vsx_provisioning_tool

This section describes the VSX Provisioning Tool (the vsx_provisioning_tool command).

Syntax

vsx_provisioning_tool -h

vsx_provisioning_tool [-s <Mgmt Server>] {-u <Username> | -c <Certificate>} -p <Password>

      -o <Commands> [-a] -L

      -f <Input File> [-l <Line>] [-a] -L

Parameters

Parameter

Description

-h

Shows the built-in usage.

-s <Mgmt Server>

Specifies the Security Management Server or the applicable Domain Management Server.

Enter the IPv4 or IPv6 address, or the resolvable hostname name.

This parameter is mandatory when you run the tool:

-u <Username>

Specifies the Management Server administrator's user name.

-c <Certificate>

Specifies the path and the name for the Management Server administrator's certificate file.

-p <Password>

Specifies the password of the:

  • Management Server administrator

  • Certificate file

-o <Commands>

Executes the commands you enter on the command line.

See vsx_provisioning_tool Commands.

-f <Input File>

Specifies the path and the name for the file with the commands to execute.

The tool treats all text begins with a hash sign (#) as a comment and ignores it.

This way you can add comments on separate lines, or in-line.

See:

-l <Line>

Specifies the line number in <Input File>, from which to start to execute the commands.

You can use this "-l" parameter only together with the "-f" parameter.

-a

Specifies that before the tool executes the specified commands, it must make sure it can connect to all VSX Gateways.

Note - This does not guarantee that a VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. can successfully apply all the specified commands.

-L

Specifies local authentication mode.

Exit Codes

Exit Code

Description

0

The tool successfully applied all changes, on all VSX ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members.

1

The tool successfully applied all changes to the management database, but not to all VSX Cluster Members.

2

The tool successfully applied all changes, but SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. communication failed to establish with at least one VSX Cluster MemberClosed Security Gateway that is part of a cluster..

3

Connectivity test failed with at least one VSX Cluster Member (if you used the "-a" parameter).

The tool did not apply changes to the management database, or to the VSX Cluster Member.

4

The tool failed to apply changes (due to internal error, syntax error, or another reason).

Note - If commands are executed from a file with multiple transactions, the exit code refers to the last transaction processed.

Example 1

Run the tool on the Security Management Server.

Execute the commands from the text /var/log/vsx.txt file.

vsx_provisioning_tool -s localhost -u admin -p mypassword -f /var/log/vsx.txt

Example 2

Run the tool on the Multi-Domain Server in the context of the Domain Management Server called MyDomain.

Create a new Virtual SystemClosed Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. object called VS1 on the VSX Cluster object called VSXCluster1

In the new Virtual System object, on the interface eth4, add a VLAN interface with VLAN ID 100 and IPv4 address 1.1.1.1/24.

mdsenv MyDomain

vsx_provisioning_tool -s localhost -u admin -p mypassword -o add vd name VS1 vsx VSXCluster1, add interface name eth4.100 ip 1.1.1.1/24