| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Hi, I have the management server installed on VMware on a SPLAT Linux system, and the management client on the same Windows machine as the GUI client. For the command "fw stat" on the management server the result comes as "Local host is not a Firewall-1 module", but when I check with ps -ef | grep fwm the process is running. In my environment, first the management client SmartDashboard should connect to the intermediate server, and then the intermediate server should connect to the management server. Port 18190 is used for the connection. When I tried to connect to the management server using the SmartDashboard client through the intermediate server, I saw the connection between the SmartDashboard client and the management server initiated, as per the log in SmartView Tracker, but then the connection was suddenly lost during loading of the local configuration. Then I refreshed the connection page, entered the password manually in the SmartDashboard window and tried to connect again, and then it got connected. For the lost connection the message comes as "Connection can not be initiated please make sure that the server x.x.x.x is up and running and that you are defined as gui client". If I try to connect the management client directly to the management server without the intermediate server, then it gets connected. I think that while connecting through the intermediate server the problem occurs during loading of the management server configuration on the intermediate server, or maybe the problem is related to a timeout. One more thing: during connection the first message comes as "connecting to smartserver", then the next message window comes as "loading local configuration", then again the first message, that is "connecting to smartcenter server", comes and the connection gets aborted. But for the successful connection "connecting to smartcenter server" comes only one time. Is this message related to the problem? I don't know why the same message "connecting to smartcenter" comes a second time.
Are there any logs stored on the management server for the connection between the SmartDashboard client and the management server? Any help will be appreciated. Thanks and Regards, Praful |
| |||
| Hi Praful, I'm not sure what you mean by "intermediate server." Normally the GUI client connects directly to the SmartCenter server. Would you please explain this for me? Ray |
| |||
| As Ray says, you need to clarify this. Have you installed a Firewall/VPN Module onto the Management Server? You have said it is a Management Server but not said if you actually installed a Firewall Module onto the same box. As such I would say that the output is correct when it says it is not a Firewall Module. The process for a Management and a Firewall Module is the same name, and it is the license that determines what it is doing. As such, just because the process is running doesn't mean that it is a Firewall Module. You have said there is an Intermediate Server. What software is this Intermediate Server running? Is it a Windows Server that has the Check Point GUI Client installed onto it, and you RDP to the Windows Server, then launch the GUI Client from the Windows Server? If so, is the Windows Server actually defined as a GUI Client? You haven't said whether the Intermediate Server is actually defined as a GUI Client or not. If not, then no, it won't. GUI Client to Management Server needs to be direct. I.e. if your client is 192.168.1.1 and the management server is 192.168.10.1, then on the GUI Client you would type 192.168.10.1 as the address to connect to. You cannot type 192.168.10.2 and expect it to connect via an intermediate server. Check Point CPMI doesn't work like this. On the Management Server, 192.168.1.1 would then need to be defined as a GUI Client. If you clarify, clearly stating the software rather than just saying Intermediate Server, then we can probably help you with this. |
| |||
| Hi, thanks for the reply. The intermediate server is a Linux server. The GUI client is installed on my Windows machine. This intermediate server has a web-based application, and on this intermediate server I configure the machine on which the management server is installed on VMware. I am using bridged networking for this management server. When I connect to the management server through this web-based application, the GUI client automatically pops up and tries to connect to the management server. While connecting, the first message comes as "Connecting management server", then the second message comes as "loading the local configuration", and then again the message "Connecting management server" comes and the connection gets aborted. I know that the connection initializes during the process because there is a log entry for the connection on the management server when I see the logs using SmartView Tracker. Then I refresh the web page on which I did the connection, manually type the password in the GUI client and then press the "OK" button of the GUI client, and then the connection establishes. Also, I know that during the automatic connection the GUI client picks the right password, because if the password is wrong then the message comes as "authentication fails incorrect username or password". During all this process an SSH type of connection is used. If I connect directly to the management server using the GUI client then there are no issues. I don't know why the management server NGX R65 is showing such behaviour. Also, the firewall module is not present on the management server. I think this problem is related to the configuration of the management server, but interestingly the GUI client establishes the connection if I refresh the connection web page and manually enter the password. Also, the connection must go through the intermediate server. It is confirmed that NGX R60 has no issues. I think I have elaborated the problem. Any help will be appreciated. Thanks and Regards, Praful Raut |
| |||
| If I understand this correctly, there are three machines: 1 Windows Desktop Machine with R65 GUI Client installed. 1 Linux Server running VMware, and some Web Application that automatically launches the Dashboard Client and attempts to connect to the SMARTCenter, which is run on the 3rd machine. 1 SMARTCenter run in a VMware environment with Bridged Network with the Linux Server. What is this Web Application that does this? Is it something like Citrix that is publishing the SMARTConsole application? Where is the SSH coming into this? Is it actually launching the Console on your desktop, or is it launching a local copy of the console from within the Web Session? Why do you need such a complicated system, as the SMARTConsole to SMARTCenter communication is already encrypted, and you are still having to distribute the client out to the desktops anyway? This sounds to me like security for security's sake rather than a realistic solution. Check Point isn't designed to be run like this! I have come across places that only allow SMARTConsole from one Desktop, and you have to Terminal Services into it and then make the SMARTConsole connection from within the Terminal Services Session to the SMARTCenter, but that doesn't sound like what you are doing, or is it, just with a Linux equivalent? Last edited by mcnallym; 2008-03-11 at 12:31. |
| |||
| Thanks for the reply, you misunderstood me. The scenario is like this: there is a Windows desktop having the management client. Then there is a Linux server through which all the connections go. There is the end device, i.e. the management server, to which the management client needs to be connected. The Linux server provides the web-based application which is used during connection. The problem is that while connecting to the management server, the management client is sending 2 connection requests when automatically invoked using the web-based application, but if we manually invoke the management client it sends only one request. I don't know why the management client is sending two requests when it is automatically invoked. Because of these two requests the connection gets aborted. Is there any way to suppress the second request? Because if the management client sends only one request then I can successfully connect to the management server via the Linux server without issue. The intermediate Linux server is used for logging and security purposes. Regards, Praful Raut |
| |||
| I'm sorry, but I really still don't see what you are trying to do. You are being too vague. I really don't believe that this is a Check Point issue, as when you use it as it is intended it works fine according to you. 3 Machines: A Windows machine with the SMARTConsole installed. A Linux server with some sort of Web Application. What is this Web Application? What does it do? How does it work? The Management Server running SMARTCenter. When you attempt to connect to the SMARTCenter via the Linux Server you need to very specifically detail out what you are doing. State clearly which machine you are connecting from, which application you are using, which machine you are connecting to and which application you are connecting to. Break each part of the overall connection down into its separate steps and clearly state each step of the connection process. You also need to be very clear about where this SSH is being used. I will run through a Windows Desktop to SMARTCenter Server connection. Step 1: On the Windows Desktop, launch the SMARTDashboard Application. Step 2: Enter the destination as the SMARTCenter Server. Step 3: The SMARTDashboard application connects to the SMARTCenter Server and logs into the SMARTCenter Application. Step 4: The security policy and configuration is loaded into the SMARTDashboard running on the Windows Desktop for viewing. If you run through the Linux Server type connection like this then we may be able to help you, but at the moment there is still insufficient detail in your explanation. If you don't know this then you aren't going to solve this. |
| |||
| Sounds like he's trying to use this Linux device as some kind of central proxy system for all connections... may be wrong. Put this way: take the Linux server out of the connection, does it work? |
| |||
| With the mention of SSH, it is almost as if it is making a connection to an SSH server on the Linux box, or to 18190, that then makes a connection to the SMARTCenter on 18190 and is trying to redirect the output from the SMARTCenter Server back to the client. However, as the description isn't that good, that is just a guess. If that is so then I don't see what extra security or logging you would get, as the SMARTCenter logs all connections in the Audit log, so you would see who is connecting in from where anyway, and then also what they are doing when logged in. |