Checkpoint VSX Virtual Systems

Discovery of Checkpoint VSX Virtual Systems is supported starting from TKU August 2020.

Supported Discovery versions

Checkpoint VSX Virtual Systems discovery is supported only from BMC Discovery version 11.3 onward.

Prerequisites

  • Valid SNMP credentials for the Checkpoint VSX device hosting the VSX Virtual Systems are required.
  • For VSX running R80.x GAIA, a VSX Virtual System can be discovered directly via SNMP using the VS's own IP. To do so, the customer needs to configure VSX SNMP VS Direct Access Mode. Please check the appropriate Checkpoint VSX administration guide for the exact procedure.

Platforms Supported by the Pattern

The pattern supports VSX running both GAIA R7x and R80.x OS versions, but with restrictions for R7x (see below).

How it works

The pattern triggers on a Network Device node with os_type 'GAIA' and type 'Firewall'. It then runs an SNMP query to get information about the configured VSX Virtual Systems from the vsxStatusTable (OID 1.3.6.1.4.1.2620.1.16.22.1).

For each Virtual System found, the pattern creates a Virtual Machine node with additional "VSX-related" attributes:

  • policy_name - security policy name;
  • policy_type - security policy type;

The pattern then checks which GAIA version the VSX is running. If it is R80.x, the pattern tries to find the corresponding virtual Network Device representing the VSX Virtual System (by checking that the vendor is Check Point, the device is virtual and its name is the VS name).

As mentioned before, the only way to directly discover a VS via its own IP (and hence have a virtual Network Device discovered) is to enable VS Direct Access Mode on the VSX.
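The matching logic described above, as an added Python sketch that is not part of the pattern's own code: it groups vsxStatusTable cells from `snmpwalk -On` style output into one record per Virtual System, then applies the three matching criteria to list Virtual Systems that have no virtual Network Device. The column numbers, the device field names and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

VSX_STATUS_TABLE = "1.3.6.1.4.1.2620.1.16.22.1"  # table OID given on this page
# ASSUMPTION: column numbers under the entry node (.1); confirm in the Check Point MIB.
COLUMNS = {3: "name", 6: "policy_name", 7: "policy_type"}
LINE = re.compile(
    r"^\.?" + re.escape(VSX_STATUS_TABLE) + r"\.1\.(\d+)\.([\d.]+) = \w+: (.*)$")

# Constructed sample of `snmpwalk -On` output from a VSX host (not real data).
SAMPLE_WALK = """\
.1.3.6.1.4.1.2620.1.16.22.1.1.3.1 = STRING: "vs-dmz"
.1.3.6.1.4.1.2620.1.16.22.1.1.6.1 = STRING: "DMZ_Policy"
.1.3.6.1.4.1.2620.1.16.22.1.1.7.1 = STRING: "Active"
.1.3.6.1.4.1.2620.1.16.22.1.1.3.2 = STRING: "vs-lab"
.1.3.6.1.4.1.2620.1.16.22.1.1.6.2 = STRING: "Lab_Policy"
.1.3.6.1.4.1.2620.1.16.22.1.1.7.2 = STRING: "Active"
.1.3.6.1.2.1.1.5.0 = STRING: "vsx-gw01"
"""

# Constructed inventory of directly scanned devices; field names are hypothetical.
SAMPLE_DEVICES = [
    {"name": "vs-dmz", "vendor": "Check Point", "virtual": True},
    {"name": "vs-lab", "vendor": "Check Point", "virtual": False},
]

def parse_vsx_status(walk_text):
    """Group vsxStatusTable cells by row index into one dict per Virtual System."""
    rows = defaultdict(dict)
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if m and int(m.group(1)) in COLUMNS:
            rows[m.group(2)][COLUMNS[int(m.group(1))]] = m.group(3).strip('"')
    return [rows[i] for i in sorted(rows) if "name" in rows[i]]

def link_virtual_devices(systems, devices):
    """Apply the page's three matching criteria; device is None when nothing matches."""
    linked = []
    for vs in systems:
        match = next((d for d in devices
                      if d["vendor"] == "Check Point" and d["virtual"]
                      and d["name"] == vs["name"]), None)
        linked.append({**vs, "device": match})
    return linked

def unlinked_names(linked):
    """Virtual Systems with no virtual Network Device (IPs/interfaces will be missing)."""
    return [vs["name"] for vs in linked if vs["device"] is None]

if __name__ == "__main__":
    result = link_virtual_devices(parse_vsx_status(SAMPLE_WALK), SAMPLE_DEVICES)
    print("Unlinked Virtual Systems:", unlinked_names(result))
```

A non-empty list from `unlinked_names` points at Virtual Systems that were not scanned directly, for example because VS Direct Access Mode is not enabled.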


Example of a discovered VSX Network Device with Virtual Machines (each one represents a VSX Virtual System) running on it.



Example of a Virtual Machine representing a VSX Virtual System. Note the link to the virtual Network Device ("Contained Virtual Network Device"), as well as to the VSX ("Network Device").

 


In the example given below you can see a directly discovered virtual Network Device representing a VSX Virtual System. Note the link ("Containing VM") to the Virtual Machine node.

Model

Known limitations

As mentioned above, VSX SNMP VS Direct Access Mode has to be configured on the VSX device in order to directly discover Virtual Systems and hence create the appropriate relationships.

Without it, some information, such as the IP addresses or interfaces of the Virtual Systems, will be missing.


Comments

  1. Sagar Mhamane

    It would be better to update on this page stating that, "The virtual vsx firewall devices have to be scanned separately using valid SNMP credentials in order to create the individual network devices and then the relationship between them will be created." Especially under 'Example of the Virtual Machine representing VSX Virtual System. Please notice link to the virtual Network Device ("Contained Virtual Network Device"), as well as to the VSX ("Network Device").' section.

    Jul 28, 2023 07:44