CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 10 of 10

Thread: Hello. I'm Dave from the UK and frankly in need of some help.

  1. #1
    Join Date
    2016-11-07
    Posts
    9
    Rep Power
    0

    Default Hello. I'm Dave from the UK and frankly in need of some help.

    The story so far...

    I've acquired a checkpoint 12600 from a liquidation sale. An entire data centre went under and went through the receivers in the uk. Several bids later I ended up with 1 of 2 12600s that were from the said data centre. Now as you can probably guess I'm new to the world of servers and data centres though I do have some computing knowledge. After getting the 12600 home my first intention was obviously to test it. It fires up ok and loads the images fine.

    This is my problem:--

    I cannot for the life of me get into the management UI. I've obviously set the static ip on my win 7 computer to the management address on the 12600. It connects to the network fine and pings back on 192.168.1.1 but repeatedly gives me a connection refused error in every browser that I've tried. I've tried a few different options in the boot menu and all result in the same error. I think the unit is working fine but is it possible that the previous owner has disabled it through the management lan port? I would really like to know which blades are installed in it and to check if its working correctly before I try to sell it!! I'm told by a cp partner that the licenses can be transfered from cp so hopefully I can find a buyer for it.

    Any help that you could offer would be much appreciated as I am steadily going crazy with this.

    I also realise that this forum is really for people who are trying to further their knowledge of cp equipment and not really for people like my who are trying to sell equipment. As I said, any help would be v much appreciated

    Thanks.

    Dave.

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,412
    Rep Power
    8

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Quote Originally Posted by v8dude View Post
    The story so far...

    I've acquired a checkpoint 12600 from a liquidation sale. An entire data centre went under and went through the receivers in the uk. Several bids later I ended up with 1 of 2 12600s that were from the said data centre. Now as you can probably guess I'm new to the world of servers and data centres though I do have some computing knowledge. After getting the 12600 home my first intention was obviously to test it. It fires up ok and loads the images fine.

    This is my problem:--

    I cannot for the life of me get into the management UI. I've obviously set the static ip on my win 7 computer to the management address on the 12600. It connects to the network fine and pings back on 192.168.1.1 but repeatedly gives me a connection refused error in every browser that I've tried. I've tried a few different options in the boot menu and all result in the same error. I think the unit is working fine but is it possible that the previous owner has disabled it through the management lan port? I would really like to know which blades are installed in it and to check if its working correctly before I try to sell it!! I'm told by a cp partner that the licenses can be transfered from cp so hopefully I can find a buyer for it.

    Any help that you could offer would be much appreciated as I am steadily going crazy with this.

    I also realise that this forum is really for people who are trying to further their knowledge of cp equipment and not really for people like my who are trying to sell equipment. As I said, any help would be v much appreciated

    Thanks.

    Dave.
    Are you saying it has a policy on it and you can login? My knee jerk reaction is re-install because you don't know whats on it.

    If you're in clish this command should enable the webui.

    set web daemon enable on

    and i think...

    set web ssl-port 443

    to make it all 443ish. If thats not right its very close. The only other issue I can think is maybe the hostname is set incorrectly. This will prevent the webui (and other things) from starting.

    if this command fails with host unknown its part of the problem.

    ping $(hostname)

    then do the following from clish

    add host name MyHostName ipv4-address $SOMEIP
    set hostname MyHostName
    save config
    reboot

    If that doesn't work, put some sriracha on it. It might not fix the issue, but it will taste better.

  3. #3
    Join Date
    2016-11-07
    Posts
    9
    Rep Power
    0

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Thanks for the quick reply.

    I understood about 10% of it but I'm willing to learn! I've been pinging the cp12600 from a dos command so clish is something that I'd never come across before. I'll be installing that as soon as I'm home.

    Unfortunately work gets in the way sometimes.

    Once into the ui (i'm guessing through the gaia portal) will I be able to see what blades are installed and licensed in the machine or will I have to contact Checkpoint themselves?

    Thanks again.

    Dave.

  4. #4
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    966
    Rep Power
    12

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    If you have someone else's FW and you want to use it, reinstall it first.

    With 12600 there should be an option to get factory reset during boot sequence by using front panel buttons. If this does not work for you, download a Check Point Gaia ISO image you want to use and boot from it. It will automatically install new image on the box, and then you should be able to continue.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  5. #5
    Join Date
    2016-11-07
    Posts
    9
    Rep Power
    0

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Quote Originally Posted by varera View Post
    If you have someone else's FW and you want to use it, reinstall it first.

    With 12600 there should be an option to get factory reset during boot sequence by using front panel buttons. If this does not work for you, download a Check Point Gaia ISO image you want to use and boot from it. It will automatically install new image on the box, and then you should be able to continue.
    Hi Valeri.

    TBH I want to check the software on the unit and then sell it! Do you think it's a good idea to get an account with checkpoint and then transfer the licencing to the end user when I've tested the unit? Would a complete reinstall be destructive to the licencing?

    Thanks.

    Dave.

  6. #6
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    966
    Rep Power
    12

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Quote Originally Posted by v8dude View Post
    Hi Valeri.

    TBH I want to check the software on the unit and then sell it! Do you think it's a good idea to get an account with checkpoint and then transfer the licencing to the end user when I've tested the unit? Would a complete reinstall be destructive to the licencing?

    Thanks.

    Dave.
    Hi Dave,

    Do you have admin credentials of the box? If yes, connect to the console port and login, then run "fw unloadlocal" to un-install policy. WebUI should start working afterwards. If you do not have credentials, there is no other way but re-imaging. Well, technically, there is, but without particular skills it is next to impossible.

    Concerning the license, every Check Point appliance is sold with lifetime license. If you are new legal owner of the box, it should not be a problem to trace and recover it with Check Point accounting services. The second part of equation is maintenance contract. It is usually acquired for 1 to 5 years, and accounting should also be able to advise you if you can recover that.

    Most important, to stay within licensing agreement with the vendor, you need to inform Check Point every time the box changes hands, to ensure proper licensing and contracts handover to the new owner.

    Hope this helps.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  7. #7
    Join Date
    2016-11-07
    Posts
    9
    Rep Power
    0

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Hi.

    I've managed to transfer the licence of the unit to myself via the very helpful staff at Checkpoint (They work a lot of hours). I will re-image the unit unless the potential buyer wants to do that themselves as its a bit out of my comfort zone.

    Thanks very much for all your help and advice. It does make life better.

    Cheers.

    Dave.

  8. #8
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    966
    Rep Power
    12

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Glad it has worked out for you
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  9. #9
    Join Date
    2016-11-07
    Posts
    9
    Rep Power
    0

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    Hi Valeri.

    Do you think there is an outlet for a used 12600 appliance

    I'm struggling to find a buyer at the minute.

    I'm sure a company could save a great deal of money.

    Thanks.

    Dave.

  10. #10
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,412
    Rep Power
    8

    Default Re: Hello. I'm Dave from the UK and frankly in need of some help.

    How much are you selling it for and have you priced out what its going to cost to get support and 1 year of blades that come free with a new appliance?

    I'm thinking your best bet is to ebay it.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •