After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server for a VSX gateway, in rare scenario, the output of the 'vsx stat -v' command on VSX gateway might show Virtual Systems with 'InitialPolicy' and/or 'No Trust'.
Example:
ID | Type & Name | Security Policy | Installed at | SIC Stat
-----+-------------------------+-------------------+-----------------+---------
1 | S vsx_gw_vs1 | InitialPolicy | 22Dec2013 19:39 | Trust
2 | S vsx_gw_vs2 | Some_Policy | 22Dec2013 19:34 | Trust
3 | S vsx_gw_vs3 | InitialPolicy | 22Dec2013 19:40 | No Trust
3 | S vsx_gw_vs3 | Some_Policy | 22Dec2013 19:34 | Trust
4 | S vsx_gw_vs4 | Some_Policy | 22Dec2013 19:36 | Trust
5 | S vsx_gw_vs5 | Some_Policy | 22Dec2013 19:37 | Trust
6 | S vsx_gw_vs6 | Some_Policy> | 22Dec2013 19:33 | Trust
7 | S vsx_gw_vs7 | Some_Policy | 22Dec2013 19:35 | Trust
Issue might occur only in the 'reconfigure' stage - on the 'reconfigured' member - which is not part of the cluster yet.
If output of 'vsx stat -v' command on VSX gateway shows Virtual Systems with 'No Trust':
Mandatory step: After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server, it is necessary to reboot the VSX Gateway.
Connect with SmartDashboard to Security Management Server / Domain Management Server that manages the problematic Virtual System.
Double-click on the object of the problematic Virtual System - without changing anything, click on 'OK' - VSX configuration will be pushed to the problematic Virtual System.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
If the issue persists, reboot the VSX Gateway.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System. If the issue persists, contact Check Point Support for assistance.
If output of 'vsx stat -v' command on VSX gateway shows Virtual Systems with 'InitialPolicy' instead of expected policy, but with 'Trust':
Mandatory step: After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server, it is necessary to reboot the VSX Gateway.
Connect with SmartDashboard to Security Management Server / Domain Management Server that manages the problematic Virtual System.
Install the relevant policy onto the problematic the Virtual System.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
If the issue persists, reboot the VSX Gateway.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System. If the issue persists, contact Check Point Support for assistance.
If output of 'vsx stat -v' command on VSX gateway shows Virtual Systems with 'InitialPolicy' and with 'No Trust':
Mandatory step: After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server, it is necessary to reboot the VSX Gateway.
Connect with SmartDashboard to Security Management Server / Domain Management Server that manages the problematic Virtual System.
Double-click on the object of the problematic Virtual System - without changing anything, click on 'OK' - VSX configuration will be pushed to the problematic Virtual System.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
If the issue persists, reboot the VSX Gateway.
Install the relevant policy onto the problematic the Virtual System.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
If the issue persists, reboot the VSX Gateway.
Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System. If the issue persists, contact Check Point Support for assistance.