Working with VSX Cluster Members

Important - This section does not apply to Scalable Platforms (Maestro and Chassis).

This section presents procedures for adding and deleting VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members.

Adding a New VSX Cluster Member

Important - Make sure that no other administrators are connected to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. before you perform this procedure.

The "vsx_util" command cannot modify the management database, if the database is locked because other administrators are connected.

  1. Install the new VSX Cluster MemberClosed Security Gateway that is part of a cluster..

    See the R81 Installation and Upgrade Guide.

  2. Close all SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. windows.

  3. Create a full backup of the environment (see sk100395).

  4. Connect to the command line on the Management Server.

  5. Log in the Expert mode.

  6. Run this command and follow the on-screen instructions:

    vsx_util add_member

    1. Enter the IP address of the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Main Domain Management Server.

    2. Enter the Management Server administrator user name and password.

    3. Follow the on-screen instructions.

  7. Wait until the "add member operation finished successfully" message appears, indicating that the database has been successfully updated and saved.

    Note - In a Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. environment, this operation skips all Domain Management Servers locked by an administrator.

    If this should occur, run the command again for the affected Domain Management Servers after they become available.

  8. This prompt appears:

    Do you wish to reconfigure the new VSX gateway/VSX cluster member

    • To reconfigure now (recommended), enter "y" and then:

      1. Wait until the "Reconfigure module operation completed successfully" summary notice appears.

      2. Reboot the new VSX Cluster Member.

    • To reconfigure later, enter "n" and later follow these mandatory steps:

      1. Close all SmartConsole windows.

      2. Connect to the command line on the Management Server.

      3. Log in the Expert mode.

      4. Run this command and follow the on-screen instruction:

        vsx_util reconfigure

      5. Wait until the Reconfigure module operation completed successfully summary notice appears.

        Note - In a Multi-Domain Server environment, this operation skips all Domain Management Servers locked by an administrator.

        If this should occur, run the command again for the affected Domain Management Servers after they become available.

      6. Reboot the new VSX Cluster Member.

  9. Connect to the command line on each VSX Cluster Member.

  10. Examine the VSX Cluster configuration:

    cphaprob state

  11. If the VSX Cluster runs in the VSLS mode:

    1. Connect to the command line on the Management Server.

    2. Log in the Expert mode.

    3. Redistribute Virtual Systems to the newly added VSX Cluster Member:

      vsx_util vsls

    4. Connect to the command line on each VSX Cluster Member.

    5. Examine the VSX Cluster configuration:

      cphaprob state

Deleting a VSX Cluster Member

Important - Make sure that no other administrators are connected to the Management Server before you perform this procedure. The vsx_util command cannot modify the management database if the database is locked.

  1. Close all SmartConsole windows.

  2. Create a full backup of the environment (see sk100395).

  3. Detach the license from the VSX Cluster Member to be removed.

    Otherwise, you cannot remove a VSX Cluster Member.

  4. Close all SmartConsole windows.

  5. Connect to the command line on the Management Server.

  6. Log in the Expert mode.

  7. Run this command and follow the on-screen instructions:

    vsx_util remove_member

    1. Enter the IP address of the Security Management Server or Main Domain Management Server.

    2. Enter the Management Server administrator user name and password.

    3. Enter "y" to confirm that you have detached the license from the VSX Cluster Member.

    4. Select the VSX Cluster.

    5. Select the VSX Cluster Member.

    6. Enter "y" to confirm that the VSX Cluster Member to be removed is disconnected.

  8. Wait until the remove member operation finished successfully message appears.

    Note - In a Multi-Domain Server environment, this operation skips all Domain Management Servers locked by an administrator.

    If this should occur, run the command again for the affected Domain Management Servers after they become available.

    The management database is now updated and saved.

  9. Connect with SmartConsole to the Security Management Server or Main Domain Management Server that manages the VSX Cluster.

  10. From the left navigation panel, click Gateways & Servers.

  11. Double-click the VSX Cluster object.

  12. From the left tree, click Cluster Members.

  13. Make sure you do not see an object representing the removed VSX Cluster Member.