Configuring Security Group Members (asg_blade_config)

Description

Use the "asg_blade_config" command in the Expert mode to manage Security Group Members.

Syntax

asg_blade_config

      fetch_smc

      full_sync <IP Address>

      get_smo_ip

      is_in_pull_conf_group

      is_in_security_group

      pull_config

      reset_sic -reboot_all <Activation Key>

      set_sync_start_ip <Start IP Address>

      upgrade_cu

      upgrade_start <New Version> [cu]

      upgrade_stat

      upgrade_stop

Parameters

Parameter

Description

fetch_smc

Fetches the policy from the Management Server and distributes it to all Security Group Members.

full_sync <IP Address>

Runs Full Sync with the remote Security Group Member, whose IP address is <IP Address>.

get_smo_ip

Gets the SMO IP address from the Cluster Control Protocol (CCP) packets sent in the Security Group.

is_in_pull_conf_group

Checks whether the Security Group Member is in the Pulling Configuration Group.

is_in_security_group

Checks whether the Security Group Member is in the Security Group.

pull_config

Pulls configuration from other Security Group Members.

reset_sic -reboot_all <Activation Key>

Starts a Secure Internal Communication (SIC) cleanup.

You must enter the <Activation Key>.

You use this key later in SmartConsole to establish Secure Internal Communication.

set_sync_start_ip <Start IP Address>

Changes the Sync start IP address of the local Security Group Member to <Start IP Address>.

upgrade_cu

Enables the Connectivity Upgrade mode (runs an iteration).

upgrade_start <New Version> [cu]

Starts an upgrade procedure from the current version to the <New Version>.

The "cu" parameter uses the Connectivity Upgrade mode.

upgrade_stat

Shows the upgrade procedure information.

upgrade_stop

Stops the upgrade procedure.

Troubleshooting the asg_blade_config command

To troubleshoot problems associated with the "asg_blade_config" command, examine the logs listed in the $FWDIR/log/blade_config file.

For example, if a Security Group Member unexpectedly reboots, you can search the log file for the word "reboot" to learn why.
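One way to run the log search described above from the Expert mode shell, shown as an added example that is not part of the original Check Point documentation. The function names are hypothetical, and because the log line format is not documented on this page, the search is a plain case-insensitive substring match.

```shell
#!/bin/bash
# Added example: search the asg_blade_config log for a keyword such as "reboot".
# The default path is the file named on this page ($FWDIR/log/blade_config).
# Function names are hypothetical helpers, not Check Point commands.

# Print matching lines with line numbers and surrounding context.
# Usage: blade_config_search <keyword> [logfile] [context_lines]
blade_config_search() {
    keyword=$1
    logfile=${2:-${FWDIR:-}/log/blade_config}
    context=${3:-3}
    if [ -z "$keyword" ]; then
        echo "usage: blade_config_search <keyword> [logfile] [context_lines]" >&2
        return 2
    fi
    if [ ! -r "$logfile" ]; then
        echo "cannot read log file: $logfile" >&2
        return 2
    fi
    # -F: treat the keyword as a literal string, -i: ignore case,
    # -n: show line numbers, -C: show lines before and after each hit,
    # so the events that led up to the match are visible.
    grep -F -i -n -C "$context" -- "$keyword" "$logfile"
}

# Print only the number of matching lines (0 when there are none).
# Usage: blade_config_count <keyword> [logfile]
blade_config_count() {
    keyword=$1
    logfile=${2:-${FWDIR:-}/log/blade_config}
    if [ ! -r "$logfile" ]; then
        echo "cannot read log file: $logfile" >&2
        return 2
    fi
    # grep -c exits non-zero when the count is 0; that is not an error here.
    grep -F -i -c -- "$keyword" "$logfile" || true
}
```

After sourcing the functions on a Security Group Member, `blade_config_search reboot` shows each match with three lines of context from the default log file.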