Support Center > Search Results > SecureKnowledge Details
After running 'vsx_util reconfigure' command, output of 'vsx stat -v' might show Virtual Systems with 'InitialPolicy' and/or 'No Trust'
Symptoms
  • After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server for a VSX gateway, in rare scenario, the output of the 'vsx stat -v' command on VSX gateway might show Virtual Systems with 'InitialPolicy' and/or 'No Trust'.

    Example:

    ID   | Type & Name             | Security Policy   | Installed at    | SIC Stat
    -----+-------------------------+-------------------+-----------------+---------
       1 | S vsx_gw_vs1            | InitialPolicy     | 22Dec2013 19:39 | Trust
       2 | S vsx_gw_vs2            | Some_Policy       | 22Dec2013 19:34 | Trust   
       3 | S vsx_gw_vs3            | InitialPolicy     | 22Dec2013 19:40 | No Trust
       3 | S vsx_gw_vs3            | Some_Policy       | 22Dec2013 19:34 | Trust   
       4 | S vsx_gw_vs4            | Some_Policy       | 22Dec2013 19:36 | Trust   
       5 | S vsx_gw_vs5            | Some_Policy       | 22Dec2013 19:37 | Trust   
       6 | S vsx_gw_vs6            | Some_Policy>      | 22Dec2013 19:33 | Trust   
       7 | S vsx_gw_vs7            | Some_Policy       | 22Dec2013 19:35 | Trust     
    
  • Issue might occur only in the 'reconfigure' stage - on the 'reconfigured' member - which is not part of the cluster yet.
Solution

This problem was fixed. The fix is included in:

Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade VSX / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

 

For lower versions, follow these steps:

  • If output of 'vsx stat -v' command on VSX gateway shows Virtual Systems with 'No Trust':

    1. Mandatory step: After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server, it is necessary to reboot the VSX Gateway.

    2. Connect with SmartDashboard to Security Management Server / Domain Management Server that manages the problematic Virtual System.

    3. Double-click on the object of the problematic Virtual System - without changing anything, click on 'OK' - VSX configuration will be pushed to the problematic Virtual System.

    4. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.

    5. If the issue persists, reboot the VSX Gateway.

    6. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
      If the issue persists, contact Check Point Support for assistance.


  • If output of 'vsx stat -v' command on VSX gateway shows Virtual Systems with 'InitialPolicy' instead of expected policy, but with 'Trust':

    1. Mandatory step: After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server, it is necessary to reboot the VSX Gateway.

    2. Connect with SmartDashboard to Security Management Server / Domain Management Server that manages the problematic Virtual System.

    3. Install the relevant policy onto the problematic the Virtual System.

    4. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.

    5. If the issue persists, reboot the VSX Gateway.

    6. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
      If the issue persists, contact Check Point Support for assistance.


  • If output of 'vsx stat -v' command on VSX gateway shows Virtual Systems with 'InitialPolicy' and with 'No Trust':

    1. Mandatory step: After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server, it is necessary to reboot the VSX Gateway.

    2. Connect with SmartDashboard to Security Management Server / Domain Management Server that manages the problematic Virtual System.

    3. Double-click on the object of the problematic Virtual System - without changing anything, click on 'OK' - VSX configuration will be pushed to the problematic Virtual System.

    4. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.

    5. If the issue persists, reboot the VSX Gateway.

    6. Install the relevant policy onto the problematic the Virtual System.

    7. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.

    8. If the issue persists, reboot the VSX Gateway.

    9. Run the 'vsx stat -v' command on VSX gateway to check the Security Policy and SIC Status of the problematic Virtual System.
      If the issue persists, contact Check Point Support for assistance.

 


 

Related solutions:

Applies To:
  • 01319800 , 01347115 , 01347125 , 01347130 , 01360704 , 01369939

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment