CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SmartCenter Server (Formerly Management Server)
Smartcenter port 257 not open Smartcenter port 257 not open
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2008-02-11
Junior Member
  
Join Date: 2008-01-14
Posts: 29
Rep Power: 0
anakalem has an average reputation (10+)
Default Smartcenter port 257 not open
Hi All,

I have smartcenter based on R65 and other firewalls using nokia and CP R55, and R60.
currently all the firewalls under that Smartcenter cannot send log via port 257 to firewall. if i telnet the port 257 from the firewall to Smartcnter, it said that connection refused.

i have restarted smartcenter using cpstop and cpstart, still have the same problem.

What the proper workaround and logs for this problem.

Need advise please

thank you

regards
Kalem
Reply With Quote
  #2 (permalink)  
Old 2008-02-11
Senior Member
  
Join Date: 2006-10-23
Posts: 168
Rep Power: 3
Danielpb has an average reputation (10+)
Default Re: Smartcenter port 257 not open
I would first check your rulebase to make sure you have all you firewall mgmt rules in places. You might also want check and confirm all your Natting is correct. I take it you can push a rule change with out any issues?
Reply With Quote
  #3 (permalink)  
Old 2008-02-11
Junior Member
  
Join Date: 2008-01-14
Posts: 29
Rep Power: 0
anakalem has an average reputation (10+)
Default Re: Smartcenter port 257 not open
Hi

Yes, i can do all management with no errors, only the firewall cannot send the logs since the smartcenter refused it. And it happen suddenly.
What service that related to port 257? or logs that related to it?

Thank you

regards

kalem
Reply With Quote
  #4 (permalink)  
Old 2008-02-11
Senior Member
  
Join Date: 2006-10-23
Posts: 168
Rep Power: 3
Danielpb has an average reputation (10+)
Default Re: Smartcenter port 257 not open
Can you confirm the OS the SmartCenter is running on?

Also I very much doubt the Smartcenter it's self is not accepting the logs it's more then likely the firewall protecting it. (You could confirm this with a Tcpdump on the firewall to make sure the firewall is receiving the packets)

You could always revert back to a Database revision (if created) to see if this solves your issue.

Could you give a brief layout of the firewall topology?
Reply With Quote
  #5 (permalink)  
Old 2008-02-11
Junior Member
  
Join Date: 2008-01-14
Posts: 29
Rep Power: 0
anakalem has an average reputation (10+)
Default Re: Smartcenter port 257 not open
Hi,
it is distributed installation. i have 3 firewalls and 1 smartcenter in separate machine. all 3 firewalls log locally since cannot send the log to smartcenter.
simplest tets i've done is login to firewall and do telnet port 257 to smartcenter, and the connection got refused by smartcenter.

I have another set of firewall and smartcenter (different from the first one), and i tried from there the smartcenter accepting port 257 request.

thanks

regards

kalem
Reply With Quote
  #6 (permalink)  
Old 2008-02-11
Junior Member
  
Join Date: 2008-01-14
Posts: 29
Rep Power: 0
anakalem has an average reputation (10+)
Default Re: Smartcenter port 257 not open
hi all,

i found that the firewall sent the log to smartcenter. i sniff in the smartcenter's interface and there is traffic 257 from the firewalls, but the smartcenter refect it. In the TCP Dump, after Syn, the Smartcenter sent reset to firewall.

Anyone ever had the same problem?

advise please...

thank you

regards

Kalem
Reply With Quote
  #7 (permalink)  
Old 2008-02-12
Senior Member
  
Join Date: 2006-10-23
Posts: 168
Rep Power: 3
Danielpb has an average reputation (10+)
Default Re: Smartcenter port 257 not open
You could try a resetting SIC.
Seems odd that the SmartCenter is rejecting the packets. I assume you have no other software running on the SmartCenter which would drop the traffic?
Reply With Quote
  #8 (permalink)  
Old 2008-02-12
Senior Member
  
Join Date: 2007-06-04
Posts: 1,062
Rep Power: 3
mcnallym has an average reputation (10+)
Default Re: Smartcenter port 257 not open
Sounds like the fw_log service has stopped. I would perform a cprestart on the smartcenter to restart the check point services.

fw_log is the service name for tcp257.

I take it that under Global Properties the Accept Control Connections is still ticked.
Reply With Quote
  #9 (permalink)  
Old 2008-02-12
Junior Member
  
Join Date: 2008-01-14
Posts: 29
Rep Power: 0
anakalem has an average reputation (10+)
Default Re: Smartcenter port 257 not open
HI All, thank you for all your response...
yes it is weird, but now it's working again. What i did is restart the smartcenter server (not cpstop and cpstart, but reboot the server).

Since many logs left in my firewalls, how can i transfered and merge into other logs in the Smartcenter?

What i am thinking is:
1. FTP All the logs and dump it into the smartcenter server
2. run cpmerge for merging the logs.

Any other ideas?

Thanks

Kalem
Reply With Quote
  #10 (permalink)  
Old 2008-02-13
Senior Member
  
Join Date: 2007-09-17
Location: Singapore
Posts: 161
Rep Power: 2
chuachongchee has an average reputation (10+)
Default Re: Smartcenter port 257 not open
Quote:
Originally Posted by anakalem View Post
HI All, thank you for all your response...
yes it is weird, but now it's working again. What i did is restart the smartcenter server (not cpstop and cpstart, but reboot the server).

Since many logs left in my firewalls, how can i transfered and merge into other logs in the Smartcenter?

What i am thinking is:
1. FTP All the logs and dump it into the smartcenter server
2. run cpmerge for merging the logs.

Any other ideas?

Thanks

Kalem
No need to do anything... once connectivity is restored, the firewall will resend all the logs to the smartcenter...
Reply With Quote
  #11 (permalink)  
Old 2008-02-14
Junior Member
  
Join Date: 2008-01-14
Posts: 29
Rep Power: 0
anakalem has an average reputation (10+)
Default Re: Smartcenter port 257 not open
Hi

Yes, from my previous understanding, it should be like that. Firewall will send locally-dumped logs automatically to SMartcenter when connection restored. But it doesn't. the logs stay in my firewall and not transfered to my Smartcenter. :(

My log and master setting, i dont use "define locally" but i select the log server manually. is it a good idea?

Thank you

regards
Kalem
Reply With Quote
  #12 (permalink)  
Old 2008-02-14
Senior Member
  
Join Date: 2007-09-17
Location: Singapore
Posts: 161
Rep Power: 2
chuachongchee has an average reputation (10+)
Default Re: Smartcenter port 257 not open
hmmm.. i use the send logs to Pri SCS... if unreachable.. Sec SCS...

Also, for SCS, please do not define any interfaces in the topology tab.. i once had put the eth0 inside and the logging stopped working.. lol
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 13:42.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0