CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 1 of 1

Thread: Why ever GAiA system thinks its VSX

  1. #1
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    306
    Rep Power
    13

    Default Why ever GAiA system thinks its VSX

    Have you ever noticed every single GAiA system's BASH prompt includes a little ":0" after the hostname? That's used in VSX to indicate which VSID you are currently in. On SecurePlatform, it only appeared on VSX. This patch applied to /etc/bashrc fixes it:
    Code:
    81c81
    < if [ -f /proc/self/vrf ]; then
    ---
    > if [ -d /proc/vrf ] && [ `ls /proc/vrf/ | wc -l` -gt 1 ]; then
    You see, since GAiA has VSX as just an option on any system, they tried to add some logic to figure out whether you're using VSX or not, and only show the VSID if you are. The test they added is flawed, though. They clearly meant to look to see if VRFs are enabled (VSX is just VRF-aware VPN-1 with some provisioning niceties added), so they test for the existence of /proc/self/vrf. The problem is that file exists on every Linux system with a VRF-aware network stack, so that test is always true. My replacement test first checks to see if the /proc/vrf directory exists, then if it does, how many VRFs are defined on the system (each gets a numbered subdirectory in /proc/vrf).

    Edited to add: Forgot to mention I've tested the patch against R77.30. Other versions have similar tests, just located at different lines.

    R80.20 on SmartCenters shows Check Point is moving from VRFs to network namespaces. The firewall version doesn't seem to be quite there yet. The test above should work on R80.20 firewalls, but R80.20 SmartCenters will need something else.
    Last edited by Bob_Zimmerman; 2019-03-18 at 16:53.
    Zimmie

Similar Threads

  1. GAiA System backup with Logs Files
    By abc150781 in forum R77.20
    Replies: 0
    Last Post: 2015-03-13, 04:16
  2. Replies: 3
    Last Post: 2014-11-03, 18:25
  3. Replies: 2
    Last Post: 2014-05-27, 13:30
  4. How do I check system log files on ipso, to check system health etc
    By carl_t in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 4
    Last Post: 2013-10-25, 09:35
  5. Urgent: Help needed with migrating NGx R65 CMA from Solaris 9 system to SPLAT system
    By cciesec2006 in forum Provider-1 (Multi-Domain Management)
    Replies: 7
    Last Post: 2007-12-26, 09:58

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •