CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: Inconsistency switching between VSX contexts

  1. #1
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    171
    Rep Power
    12

    Default Inconsistency switching between VSX contexts

    I just noticed that in CLISH on R77.30 JHFA 292 and R80.10 JHFA 70, when you change between VSs, it gives you the ID you just changed to, but not the name:
    Code:
    someFirewall:0> set virtual-system 6
    Context is set to vsid 6
    someFirewall:6>
    Meanwhile, in BASH, it gives you the name as you change between them:
    Code:
    [Expert@someFirewall:0]# vsenv 6
    Context is set to Virtual Device someFirewall_VS_Name_Here (ID 6).
    [Expert@someFirewall:6]#
    Sure, you can always just run 'show virtual-system all' in CLISH and look up the ID yourself. That is exactly the kind of cross-referencing work computers are supposed to do for us, though. The BASH output is better, because it provides more context to a human operator. CLISH should be changed.



    I also find it bizarre that 'show virtual-system' doesn't work on its own. It requires the 'all' keyword afterwards, but 'all' is the only thing which can go there. Typing 'show vi' and hitting [tab] completes out to 'show virtual-system', but since there are no subsequent options, either 'all' should not be required or the tab completion should fill it in, too.

    CLISH's syntax in general seems very half-baked.
    Zimmie

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,608
    Rep Power
    8

    Default Re: Inconsistency switching between VSX contexts

    Looks like clish has a prompt command. I'm assuming you could fix that and submit a patch. ;)

    show clienv prompt

    looks like the default is

    %M>

    Not sure what all the options are, but i'm guessing you could hack something in there to make it more perty.

  3. #3
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    171
    Rep Power
    12

    Default Re: Inconsistency switching between VSX contexts

    Yeah, but I'd rather not have the full VS name in the prompt. Prompts should be short because they're printed on every line of input. Returns from commands can be longer, because they are only printed once.
    Zimmie

  4. #4
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    1,006
    Rep Power
    13

    Default Re: Inconsistency switching between VSX contexts

    While you are at this topic, one things that annoys me is the custom RBA roles with for example Radius users.

    add rba role MyRadiusRole virtual-system-access all

    Will give access to all virtual systems.........that are defined/existing at the time command is run.

    If you create additional VS-es after that, show virtual-system all we not display those new VS-es.

    Sure, one could debate its a security thing....you give access to ALL VS-es at that present time and it shouldn't be valid for future ones, but in reality/practically it's pain in the twerk region.

Similar Threads

  1. E75.30 requests authentication immediately when switching networks
    By TheDuKe_be in forum SecureClient/SecuRemote
    Replies: 0
    Last Post: 2014-04-29, 02:25
  2. CMA state switching
    By brahim94 in forum Installing And Upgrading
    Replies: 0
    Last Post: 2010-10-19, 12:52
  3. error switching on cluster member
    By marcko32 in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 2
    Last Post: 2010-07-13, 09:50
  4. switching to utm 1 270 total security bundle
    By sushil in forum Check Point UTM-1 Appliances
    Replies: 17
    Last Post: 2010-03-31, 10:22
  5. Switching from eth to ser-1 (T1) for external interface
    By Snowbird in forum Topology Issues
    Replies: 0
    Last Post: 2006-07-27, 16:15

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •