vsx_provisioning_tool
This section describes the VSX Provisioning Tool (the vsx_provisioning_tool
command).
Description
This tool allows the VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. administrator to add and remove Virtual Devices (Virtual Systems, Virtual Routers, Virtual Switches), interfaces and routes from the command line of a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..
This allows the automation of the required VSX Provisioning Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. operations in the environment.
Syntax
|
|
Parameters
Parameter |
Description |
||
---|---|---|---|
|
Shows the built-in usage. |
||
|
Specifies the Security Management Server or the applicable Domain Management Server. Enter the IPv4 or IPv6 address, or the resolvable hostname name. This parameter is mandatory when you run the tool: |
||
|
Specifies the Management Server administrator's user name. |
||
|
Specifies the path and the name for the Management Server administrator's certificate file. |
||
|
Specifies the password of the:
|
||
|
Executes the commands you enter on the command line. |
||
|
Specifies the path and the name for the file with the commands to execute. The tool treats all text begins with a hash sign (#) as a comment and ignores it. This way you can add comments on separate lines, or in-line. See: |
||
|
Specifies the line number in You can use this " |
||
|
Specifies that before the tool executes the specified commands, it must make sure it can connect to all VSX Gateways.
|
||
|
Specifies local authentication mode. |
Exit Codes
Exit Code |
Description |
---|---|
0 |
The tool successfully applied all changes, on all VSX Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members. |
1 |
The tool successfully applied all changes to the management database, but not to all VSX Cluster Members. |
2 |
The tool successfully applied all changes, but SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. communication failed to establish with at least one VSX Cluster Member Security Gateway that is part of a cluster.. |
3 |
Connectivity test failed with at least one VSX Cluster Member (if you used the " The tool did not apply changes to the management database, or to the VSX Cluster Member. |
4 |
The tool failed to apply changes (due to internal error, syntax error, or another reason). |
|
Note - If commands are executed from a file with multiple transactions, the exit code refers to the last transaction processed. |
Example 1
Run the tool on the Security Management Server.
Execute the commands from the text /var/log/vsx.txt
file.
|
Example 2
Run the tool on the Multi-Domain Server in the context of the Domain Management Server called MyDomain
.
Create a new Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. object called VS1
on the VSX Cluster object called VSXCluster1
In the new Virtual System object, on the interface eth4
, add a VLAN interface with VLAN ID 100 and IPv4 address 1.1.1.1/24.
|