Support Center > Search Results > SecureKnowledge Details
How to reset VSX Gateway R77 and above
Solution

Table of Contents:

  • Introduction
  • Limitations
  • Important Notes
  • Procedure
  • Related documentation
  • Related solutions

 

Introduction

Starting in VSX R77, VSX machine can be reset using the 'reset_gw' utility (this saves the time required to re-install the machine from scratch and time required to reconfigure Dynamic Routing).

'reset_gw' is a utility that wipes out all VSX configurations. However, it does not revert the VSX machine to its initial state (i.e., clean installation).

When executed, the 'reset_gw' script performs the following:

  1. Resets SIC on VSX machine.

  2. Disables CoreXL on VSX machine.

  3. Deletes all VSX-related information.

    Note:

    • Old $FWDIR/state/local/VSX/local.vsall file is stored as $FWDIR/state/local/VSX/local.vsall.keep
    • Old $FWDIR/state/local/VSX/local.vskeep file is stored as $FWDIR/state/local/VSX/local.vskeep.keep
    • Old $FWDIR/state/local/VSX/local.vs file is stored as $FWDIR/state/local/VSX/local.vs.keep


  4. Saves Dynamic Routing and DHCP Relay settings that were configured from Clish (in order to allow these settings to be recovered later).

    Note: This step is not relevant for Crossbeam.

    The following settings are saved from all Virtual Systems (except VS0) to the special file '/var/tmp/restore_routed_bindings':

    • ospf
    • bgp
    • rip
    • pim
    • igmp
    • bootp/dhcp relay


  5. Deletes the $FWDIR/conf/masters file.

  6. Automatically reboots the VSX machine.

  7. Creates a log file of all operations - $CPDIR/tmp/resetgw.log
    Make sure to save this log file.

Note: Bond configuration will not be removed and there is no need to restore it at a later time.

 

Limitations

  • VSX reset procedure supports only these VSX versions - R77, R77.10, R77.20 and above, running on Gaia OS or Crossbeam XOS.

  • Check Point services must be started ('cpstart') before starting the VSX reset procedure.

  • On VSX cluster member, the member state must be 'Down' or 'Standby' before starting the VSX reset procedure.

  • VSX reset procedure can be invoked only from the context of VSX itself (VS0).

  • VSX reset procedure supports only DMI configuration.

  • VSX reset procedure automatically disconnects all SSH connections. Therefore, it is strongly recommended to perform this procedure over serial console.

 

Important Notes

  • VSX reset procedure is irreversible.

  • VSX reset procedure re-initializes SIC on VSX machine.

  • VSX reset procedure automatically reboots the VSX machine.

 

Procedure

  1. Connect to command line on VSX machine (recommended - over serial console).

  2. Log in to Expert mode.

  3. Switch to context of VS0:

    [Expert@HostName:0]# vsenv 0

  4. Execute the 'reset_gw' script and follow the on-screen instructions:

    [Expert@HostName:0]# reset_gw

  5. When the reset process is complete, the VSX machine will be automatically rebooted.

 

Notes:

  • After reboot, make sure to save the log file - $CPDIR/tmp/resetgw.log

  • After reboot, the VSX machine will not retain residues of any VSX-related information and will be un-initialized.
    You can either configure the VSX Gateway / VSX cluster member from the scratch, or re-create the previous VSX configuration by running 'vsx_util reconfigure' command on Security Management Server / Domain Management Server that manages this VSX Gateway / VSX Cluster (you have to use the SIC password you created during the VSX reset).

  • If you re-created the previous VSX configuration by running 'vsx_util reconfigure' command and rebooted the VSX machine, then you can restore the saved Dynamic Routing and DHCP Relay settings in the following way:

    Note: This step is not relevant for Crossbeam.

    [Expert@HostName:0]# vsenv 0
    [Expert@HostName:0]# dbset -f /var/tmp/restore_routed_bindings
    [Expert@HostName:0]# dbset :save
    

 

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment