Configuration Verifiers
MAC Verification (mac_verifier)
You can run verifiers to make sure the configuration is correct and consistent.
Description
Each MAC address contains information about the Chassis ID, SGM IDs, and interfaces.
Use this command to make sure that the virtual MAC addresses on physical and bond interfaces are the same for all Security Group
A logical group of Security Gateway Modules that provides Active/Active cluster functionality. A Security Group can contain one or more Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Members.
You must run this command in the Expert mode.
Syntax
|
|
|
|
Parameters
|
Parameter |
Description |
|---|---|
|
|
Shows the built-in help. |
|
|
Shows MAC address consistency on the |
|
|
Shows information for each interface MAC Address. |
Examples
Layer 2 Bridge Verifier (asg_br_verifier, asg_brs_verifier)
Description
Use the "asg_br_verifier" command in Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Gateway Modules. Commands you run in this shell apply to all Security Gateway Module in the Security Group. or the Expert mode to confirm that there are no bridge configuration problems in Virtual Systems in the Bridge Mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology..
|
|
Notes:
|
Syntax for the asg_br_verifier command
|
|
|
|
Syntax for the asg_brs_verifier command
|
|
|
|
Parameters
|
Parameter |
Description |
|---|---|
|
|
Shows the built-in help. |
|
No Parameters |
Runs bridge verification on all Virtual Systems. |
|
|
Also shows the table entries (unformatted output). |
|
|
Shows verbose unformatted output. The " |
|
|
Also shows the table summary. |
|
|
Also shows the table entries (formatted output). |
|
|
Shows verbose formatted output. The " |
Examples
Verifying VSX Gateway Configuration (asg vsx_verify)
|
|
Important - Use the HCP Tool (see sk171436) instead of this command. |
Description
The "asg vsx_verify" command replaces the old verifier in the "smo verifiers" command and runs on a VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. system only.
Use this command to confirm that all Security Group Members have the same VSX configuration - Interfaces, Routes, and Virtual Systems.
-
The same MD5 of configuration files that must be identical between Security Group Members.
-
Similarity in configuration files that must be identical, but not necessarily written that way (like the
/config/activefile).The command uses the "
db_cleanup" report to do this. -
The same VSX configuration on Security Group Members.
-
Similarity of VMAC and BMAC addresses.
Use output when there is an inconsistency in the configuration.
The differences are compared in two ways:
-
The return value of the command run on the Security Group Members with the "
gexec_inner_command" -
The output of the commands
Example of a difference in the command output:
When a command fails, the output contains:
|
|
Syntax
|
|
Parameters
|
Parameter |
Description |
|---|---|
|
|
Includes Security Group Members in the Administrative DOWN state |
|
|
Compares:
|
|
|
Includes Virtual Systems configuration verification table |
Examples