After discussing the creation of VAP groups and Circuits on Blue Coat’s X-Series under XOS in my previous posts, we can now install the application from a CBI.
The following steps are required for a Check Point installation. For this post I chose a standalone R67 VSX security gateway as an example.
Before installing the Check Point CBI, you should:
- Run the show-application command to view the available CBI files:
- Run the following command to start the installation of the application: application <application name from the selection above> vap-group <VAP_group_name> install
- The installation wizard prompts you to input the following information (Choose ‘y’ or ‘n’).
- Do you accept the license agreement?(Choose ‘y’ or ‘n’)
- Enter the interface name from which you want to manage the VSX system. Please make sure the corresponding circuit has a valid increment-per-vap IP address assigned to it.
- Enter the Secure Internal Communication (SIC) key below.
- Enter local license information (Local license info is the license for the module, by clicking on ‘n’ a trial license will be applied)? (Choose ‘y’ or ‘n’)
- Install Performance Pack?(Choose ‘y’ or ‘n’)
- Install Dynamic Routing? (Choose ‘y’ or ‘n’)
- Enable High Availability/State Synchronization? (Choose ‘y’ or ‘n’, for HA you will answer ‘y’ and be prompted to enter the synchronization circuit name.)
- The installation process of VSX will begin:
- When the installation is finished, run the following command: reload vap-group <vap group name>
- Additional VSX configuration can be done using Check Point SmartDashboard with the Management IPs assigned to the VAP.
- To check the status of the applications running on VAP groups, the following command needs to be run: show application vap-group <VAP group name>
- The output of this command includes the status of the VAPs (Initializing, Up, Down, etc.):
And that’s it! In my next post, I will cover additional configuration of VSX using Check Point SmartDashboard.