Support Center > Search Results > SecureKnowledge Details
VSX Provisioning Tool
Solution

Table of Contents:

  • Introduction
  • Availability
  • Limitations
  • Documentation
  • Related solutions

 

Introduction

The VSX Provisioning Tool allows the VSX administrator to add and remove Virtual Devices (VS, VR, VSW), interfaces and routes from the command line of a Security Management Server / Multi-Domain Security Management Server. This allows the automation of the required VSX Provisioning operations in the environment.

VSX Provisioning Tool supports:

  • Security Management Servers / Multi-Domain Security Management Servers - R76, R77, and above.

  • VSX Gateways / VSX Clusters - R75.40VS, R76, R77, and above.

Note: For backward compatibility information, refer to sk113113 - Security Management Servers and supported managed Security Gateways.

 

Availability

The following table provides the VSX Provisioning Tool for Management Servers:

Version of
Management Server
Operating System of
Management Server
Tool
R80 and above (1) Gaia integrated
R76 - R77.30 (2) Gaia / SecurePlatform / Linux OS (BIN)
Windows OS (3) (EXE)

Notes:

  1. Starting in Management Server R80, the VSX Provisioning Tool is integrated ($FWDIR/bin/vsx_provisioning_tool).
  2. For Management Server versions R76 - R77.30, the VSX Provisioning Tool has to be installed
    on the Management Server running on Gaia / SecurePlatform / Linux / Windows OS.
    For installation instructions, refer to the VSX Provisioning Tool Reference Guide.
  3. For Management Server versions R76 - R77.30, the VSX Provisioning Tool can be installed
    on SmartConsole computer running on Windows OS.
    For installation instructions, refer to the VSX Provisioning Tool Reference Guide.

 

Limitations

ID Symptoms
02409327

While adding new routes in a single transaction, routes are added incorrectly, either with a wrong type or with a wrong IP address.
This applies to single transaction additions, either implicitly with the "-o <add route ...>" command, or explicitly with the "-f <file>" command.

Root Cause:

  • In a single transaction, routes must appear in a specific order: 1) routes with "leads_to", 2) routes with "next_hop", 3) routes with "propagate true".

Possible Workarounds:

  • Rearrange the order of the "add route ..." commands in the transaction to the following:
    1. Firstly, put all routes with type "leads_to"
    2. Secondly, put all regular "next_hop" routes without propagation
    3. Finally, put all other routes (such as those with "propagate true")
  • Separate each type of route (as described in the previous method) to its own transaction and run those transactions consecutively.
  • Run each of the "add route ..." command in its own transaction.
    For example, omit "transaction begin/end" tags in a file (Note: This is not recommended).
  • The following awk scriplet can be used to sort existing script files:
    • awk '$2!="route"{print} $2=="route"&& $7=="leads_to"{r1=r1 "\n" $0;next} $2=="route"&& $7=="next_hop"&&NF==8{r2=r2 "\n"$0;next} $2=="route"{r3=r3 "\n" $0} /^transaction end/{$0=""}  END {print r1;print r2;print r3}' script.txt

 

Documentation

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment