Why the CheckpointFWContainer is not modeled when the Checkpoint VSX FW is discovered
search cancel

Why the CheckpointFWContainer is not modeled when the Checkpoint VSX FW is discovered

book

Article ID: 211365

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

We are migrating our old spectrum environment to a new one from version 10.4.0 to version 10.4.3, but we have created a completely new environment, in the old environment we have modeled the Checkpoint VSX FW and we get the "CheckpointFWContainer" but in the new one we only see a single physical Firewall, not the container and not the virtual FW in the VSX.

Why the CheckpointFWContainer container model was not modeled?

The CheckpointR80App was modeled.

Environment

Release : 20.2

Component : Spectrum Discovery & Modeling

Cause

The VSX OIDs (1.3.6.1.4.1.2620.1.16) are missing.

This is what is expected from a Checkpoint VSX FW device:

Resolution

Engage the Checkpoint VSX FW device's administrator to identify why the VSX OIDs (1.3.6.1.4.1.2620.1.16) are missing from the walk (sapwalk2 output).

Additional Information

We may need to run the sapwalk2 utility twice, one starting from OID 1.3.6 and another starting from OID 1.3.6.1.4.1.2620.1.16. When the walk starts from OID 1.3.6, the device is skipping the OID 1.3.6.1.4.1.2620.1.16.

Example Authorization and Privacy (-l AP):

sapwalk2.exe -i 1.1.1.1 -v v3 -s 1.3.6 -u <username> -l AP -xt <auth_type(MD5/SHA)>  -xe <DES/3DES/AES128/AES192/AES256) -xa <auth_password> -xp <priv_password> -o CheckpointFW.walk

sapwalk2.exe -i 1.1.1.1 -v v3 -s 1.3.6.1.4.1.2620.1.16 -u <username> -l AP -xt <auth_type(MD5/SHA)>  -xe <DES/3DES/AES128/AES192/AES256) -xa <auth_password> -xp <priv_password> -o CheckpointVSX.walk

Powered by Wolken Software