Support Center > Search Results > SecureKnowledge Details
How to reset a VSX Gateway Technical Level
Solution

Table of Contents:

  • Introduction
  • Limitations
  • Important Notes
  • Procedure
  • Related documentation
  • Related solutions

 

Introduction

Starting in VSX R77, VSX machine can be reset using the 'reset_gw' utility (this saves the time required to re-install the machine from scratch and time required to reconfigure Dynamic Routing).

'reset_gw' is a utility that wipes out all VSX configurations. However, it does not revert the VSX machine to its initial state (i.e., clean installation).

When executed, the 'reset_gw' script performs the following:

  1. Resets SIC on VSX machine.

  2. Disables CoreXL on VSX machine.

  3. Deletes all VSX-related information.

    Note:

    • Old $FWDIR/state/local/VSX/local.vsall file is stored as $FWDIR/state/local/VSX/local.vsall.keep
    • Old $FWDIR/state/local/VSX/local.vskeep file is stored as $FWDIR/state/local/VSX/local.vskeep.keep
    • Old $FWDIR/state/local/VSX/local.vs file is stored as $FWDIR/state/local/VSX/local.vs.keep


  4. Saves Dynamic Routing and DHCP Relay settings that were configured from Clish (in order to allow these settings to be recovered later).

    Note: This step is not relevant for Crossbeam.

    The following settings are saved from all Virtual Systems (except VS0) to the special file '/var/tmp/restore_routed_bindings':

    • ospf
    • bgp
    • rip
    • pim
    • igmp
    • bootp/dhcp relay


  5. Deletes the $FWDIR/conf/masters file.

  6. Automatically reboots the VSX machine.

  7. Creates a log file of all operations - $CPDIR/tmp/resetgw.log
    Make sure to save this log file.

Note: Bond configuration will not be removed and there is no need to restore it at a later time.

 

Limitations

  • VSX reset procedure supports only these VSX versions - R77, R77.10, R77.20 and higher, running on Gaia OS or Crossbeam XOS.

  • Check Point services must be started ('cpstart') before starting the VSX reset procedure.

  • On VSX cluster member, the member state must be 'Down' or 'Standby' before starting the VSX reset procedure.

  • VSX reset procedure can be invoked only from the context of VSX itself (VS0).

  • VSX reset procedure supports only DMI configuration.

  • VSX reset procedure automatically disconnects all SSH connections. Therefore, it is strongly recommended to perform this procedure over serial console.

 

Important Notes

  • VSX reset procedure is irreversible.

  • VSX reset procedure re-initializes SIC on VSX machine.

  • VSX reset procedure automatically reboots the VSX machine.
  • VSX reset procedure on Scalable Platforms - In cases where a complete recover is required, this operation should only be valid for a security-group consisted of a single member (SMO only), since only the SMO member will later undergo 'vsx_util reconfigure'. The rest of the SG members will sync with it as they are being added to the SG. Any deviation from these instructions is not valid and may result in unexpected behavior.

 

Procedure

  1. Connect to command line on VSX machine (recommended - over serial console).

  2. Log in to Expert mode.

  3. Switch to context of VS0:

    [Expert@HostName:0]# vsenv 0

  4. Execute the 'reset_gw' script and follow the on-screen instructions:

    [Expert@HostName:0]# reset_gw

  5. When the reset process is complete, the VSX machine will be automatically rebooted.

 

Notes:

  • After reboot, make sure to save the log file - $CPDIR/tmp/resetgw.log

  • After reboot, the VSX machine will not retain residues of any VSX-related information and will be un-initialized.
    You can either configure the VSX Gateway / VSX cluster member from the scratch, or re-create the previous VSX configuration by running 'vsx_util reconfigure' command on Security Management Server / Domain Management Server that manages this VSX Gateway / VSX Cluster (you have to use the SIC password you created during the VSX reset).

  • If you re-created the previous VSX configuration by running 'vsx_util reconfigure' command and rebooted the VSX machine, then you can restore the saved Dynamic Routing and DHCP Relay settings in the following way:

    Note: This step is not relevant for Crossbeam.

    [Expert@HostName:0]# vsenv 0
    [Expert@HostName:0]# dbset -f /var/tmp/restore_routed_bindings
    [Expert@HostName:0]# dbset :save
    

 

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment