https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68388#M12121 <P>OK most likely that the WebUI etc only allowed from a local network.</P><P>&nbsp;</P><P>When you can WebUI in then under&nbsp;</P><P>&nbsp;</P><P>System Management / Host Access&nbsp;&nbsp;</P><P>&nbsp;</P><P>then what is it set too</P><P>&nbsp;</P><P>Seeing in the whole inbound chain in the fwmonitor so presuming you mean</P><P>pre-inspection i stage</P><P>post-inspection I stage</P><P>This would indicate that the traffic getting through the Security Policy, also any Address Spoofing</P><P>Hence why suspect that locked down under the Host Access</P><P>As can access from local network then process must be responding and be attempting on the correct port.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 25 Nov 2019 13:18:28 GMT mdjmcnally 2019-11-25T13:18:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68382#M12120 <P>Hi Community,</P><P>I got the following problem:<BR />Accessing Gaia from a non-lokal network fails. With another device as a jumphost in the same local network, ssh works. The incoming packets for :4434 are shown in fw monitor and are passing the complete inbound chain, but there are not outbound packets. A tcpdump does not show these packages, so the operating system and gaia webui cannot receive that traffic. A kernel debug with zdebug + drop doesn't show any dropped packages.</P><P>In apache access_log, no requests are seen.</P><P>Unfortunately it's a R77.30 on openserver, which is still in production, but other routing works perfectly on that machine.</P><P>I'm confused - does anybody got an idea what the problem is?</P><P>Best Regards<BR />Johannes</P> Mon, 25 Nov 2019 12:37:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68382#M12120 Johannes_Schoen 2019-11-25T12:37:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68388#M12121 <P>OK most likely that the WebUI etc only allowed from a local network.</P><P>&nbsp;</P><P>When you can WebUI in then under&nbsp;</P><P>&nbsp;</P><P>System Management / Host Access&nbsp;&nbsp;</P><P>&nbsp;</P><P>then what is it set too</P><P>&nbsp;</P><P>Seeing in the whole inbound chain in the fwmonitor so presuming you mean</P><P>pre-inspection i stage</P><P>post-inspection I stage</P><P>This would indicate that the traffic getting through the Security Policy, also any Address Spoofing</P><P>Hence why suspect that locked down under the Host Access</P><P>As can access from local network then process must be responding and be attempting on the correct port.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 25 Nov 2019 13:18:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68388#M12121 mdjmcnally 2019-11-25T13:18:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68406#M12122 Allowed-Networks are existent and my networks are allowed - I can see from Smartlog incoming 4434 to the firewall and I can see the packets in the inbound stage i and I but not on the outgoing stage o or O.<BR />Address spoofing is disabled and all topology interfaces are set as external<BR />In case the Allowed-Clients aren't working, is there a log to consult? Mon, 25 Nov 2019 15:06:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68406#M12122 Johannes_Schoen 2019-11-25T15:06:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68409#M12123 <P>Traffic being passed by the Firewall Policy but no log on the apache server log</P><P><SPAN>sk91380 is the SK article on debugging Gaia Portal.</SPAN></P><P><SPAN>/var/log/httpd2_error_log&nbsp; is a log file worth looking at and mentioned in the SK article</SPAN></P><P><SPAN>The fact that works when local&nbsp; indicates that the actual port etc itself is correct.</SPAN></P><P>&nbsp;</P><P>what do you get from</P><P>&nbsp;</P><P>show static-route destination client_ip</P><P>just make sure the next hop is correct.</P><P>&nbsp;</P> Mon, 25 Nov 2019 15:24:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68409#M12123 mdjmcnally 2019-11-25T15:24:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68502#M12124 Routing looks good, so it's the expected routing interface, and we have production traffic on the firewalls, due to some old vpn-tunnels, still terminated at the check point.<BR /><BR />I helped myself with Hide-Natting the traffic with the new firewall to the Check Point node IPs and now it's working again - I won't do more troubleshooting, because of that workaround.<BR /><BR />Many thanks for your inputs Tue, 26 Nov 2019 10:28:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Gaia-Webui-and-SNMP-not-reachable-via-routing/m-p/68502#M12124 Johannes_Schoen 2019-11-26T10:28:23Z