CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 14 of 14

Thread: Enabling smartportal on R70 SPLAT

  1. #1
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Enabling smartportal on R70 SPLAT

    Hi ,

    I have a
    standalone production R70 SPLAT. I just started the sysconfig /Product
    Installation and installed the Management Portal. I didnt rebooted or
    cpstoped the gateway since its serving. I opened the Smartdashboard
    opened my fws object checked the Management portal on the General
    properties and installed the database and installed the policy Then
    opened up my browser and wrote https://myfirewallsip:4433 but nothing
    opened (https://myfirewallsip works fine). I also used telnet to accee
    myfirewallsip 4433 but nothing opened. So is there something to make
    this managemnet portal etc work? Or what to fix? Need a reboot or
    cpstop cpstart etc?


    Regards

  2. #2
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    Hi,
    I still didnt rebooted but added port 4433 access from my PC to
    firewall and was able to open the https://myfirewall:4433. But when i
    used my credentials i got below error:

    Cannot login.
    Make sure the device is up and running, and that you are allowed to
    login from this machine.

    But my PC is at the web/ssh client list which also i can access and
    login to the https://myfirewall (Also checked the /etc/hostsallowed
    file and yes im there. My user has also many rights even managing the
    administrators.
    Regards

  3. #3
    Join Date
    2007-06-04
    Posts
    3,301
    Rep Power
    17

    Default Re: Enabling smartportal on R70 SPLAT

    License ?

  4. #4
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    Hi,

    I have ran cplic check swp (which i saw on a books Smartportal part) I get the below answer:

    cplic check 'swp': license valid

    So i guess the license seems to be ok?

    Regards

  5. #5
    Join Date
    2007-06-04
    Posts
    3,301
    Rep Power
    17

    Default Re: Enabling smartportal on R70 SPLAT

    Just re-read your opening part.

    You have never restarted the check point services or rebooted the box since installing the smartportal.

    You would need to restart the check point services to get the SMARTportal correctly going, same as if you change settings on the cpconfig menu.

    The web/ssh client list is for the WebUI of the SPLAT box, not SMARTportal, ie you can fire up the WebUI of the actual SPLAT box.

    The https://myfirewallsip working suggests that the WebUI of the device is running on standard https port.

    sounds like the smartportal is running but not linked into the rest of the system properly which the cpstop;cpstart should fix.

    Is part of the many reasons why I don't like standalone boxes but prefer the seperate smartcenter and gateway.

  6. #6
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    What advantages do you get from having seperate smartcenter and gateways? On your machines how much time do your machines take to cpstop cpstart?

    Regards .

  7. #7
    Join Date
    2007-06-04
    Posts
    3,301
    Rep Power
    17

    Default Re: Enabling smartportal on R70 SPLAT

    Is only a few minutes to do a cpstop;cpstart.

    The Main advantage that I find is that you aren't stuck with one box.

    You can perform upgrades on the Management whilst leaving the gateway alone, in this case you just cpstop;cpstart the management server to get the smartportal working and the gateway is left keeping running along. If the Management Upgrade doesn't go well then the gateway isn't affected.

    You can easily expand to a HA system if necessary without having to split the existing system. You can build the HA box as if part of the cluster, then swap in and remove the existing gateway and then whilst the other device is carrying the load rebuild the existing one and add to the cluster.

    If the gateway fails then can get up and running quickly as only need to build a new gateway and push the policy.

    If the management server fails then the gateway keeps going whilst you restore the management server from the backup you have.

    Have had instances where lose connectivity into the Managemnet and have to reboot the device to restore access, which if one box loses your gateway as well

  8. #8
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,248
    Rep Power
    14

    Default Re: Enabling smartportal on R70 SPLAT

    Just run smartportalstart on your Security Management server. Also do a netstat -an | grep 4433 afterwards to make sure the Management Portal is listening. If not do a cprestart.

  9. #9
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    Hi i already found the smartportalstart and smartportalstop by lookking at the directories but they still didnt help me to login to the smartportal i only can reach the main page. I also found an artickle on Checkpoint Support site titled as "Debugging SmartPortal NGX" sk31023 and done the commands giving there but the output logs doesnt seem yet meanfull to me. (also i see ery little articles on Checkpoint site). I still havent done cpstart cpstop cause i need to get oral permission for breaking the operation

  10. #10
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    also im adding the netstat output here you to see


    tcp 0 0 0.0.0.0:4433 0.0.0.0:* LISTEN



    Regards

  11. #11
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    Hi , i was able to cpstart and cpstop and yes it helped im able to login now. But now i cant get a view of the main policy it makes me wait but unable to open which is nearly 100-110 rules but when i select other policies with 50 or 2 rules it views. I need to fix this. Regards

  12. #12
    Join Date
    2005-08-29
    Location
    Upstate NY
    Posts
    2,720
    Rep Power
    16

    Default Re: Enabling smartportal on R70 SPLAT

    IIRC that was fixed in one of the HFA's (I think it was R70 that I ran into the problem).

  13. #13
    Join Date
    2008-08-07
    Posts
    204
    Rep Power
    12

    Default Re: Enabling smartportal on R70 SPLAT

    thank you i usually dont apply hfas But can you remember which one? Ill now look at the available hfas for R70 SPLAT. And also cause the firewall is a production one , what are the risks and affects of applying this ?

    regards

  14. #14
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    16

    Default Re: Enabling smartportal on R70 SPLAT

    Quote Originally Posted by vbavbalist View Post
    thank you i usually dont apply hfas But can you remember which one? Ill now look at the available hfas for R70 SPLAT. And also cause the firewall is a production one , what are the risks and affects of applying this ?
    It's probably time you changed your policies, to at least evaluate HFAs. When they get released, go through the release notes, look at what's been fixed, and see if anything impacts you. There are of course potentially issues with making changes, but do you run all your other software (OSes, DBs, etc) unpatched?

    If you read the release notes for the most recent HFA, it will also include the list of items fixed in previous HFAs. (That's the A part of HFA - "Accumulator")

Similar Threads

  1. IPv6, Enabling on Splat, IPs, Routes
    By alienbaby in forum IPv6
    Replies: 5
    Last Post: 2011-09-29, 10:43
  2. SmartPortal
    By kerrigon1 in forum SmartPortal
    Replies: 1
    Last Post: 2011-02-21, 08:20
  3. enabling synch on R65 Splat
    By archie100 in forum Installing And Upgrading
    Replies: 0
    Last Post: 2009-01-27, 06:37
  4. SmartPortal
    By donshoutarp in forum SmartPortal
    Replies: 15
    Last Post: 2008-01-02, 09:18
  5. SmartPortal
    By cciesec2006 in forum SmartPortal
    Replies: 0
    Last Post: 2007-11-09, 08:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •