topic No WebUI or CLI access in Firewall and Security Management

No WebUI or CLI access

Matlu — Mon, 26 Dec 2022 17:00:17 GMT

Hello, everyone.

Merry Christmas.

I have a problem to be able to access by WebUI and CLI to my GW.
Having the problem of not being able to access by CLI, I cannot run diagnostic commands.

In the SmartConsole logs, you can see that initially the traffic to access the WebUI of the GW, matches with my explicit rule of the Firewall layer, but then automatically seems to match with another rule that says "Implied Rule", and I just can't access.

Does anyone know how to fix this error?

Regards.

Re: No WebUI or CLI access

Danny — Mon, 26 Dec 2022 20:39:24 GMT

I suggest to change the default SSL port 443 to a non-standard port, such as 4434.

What is your log showing for CLI connection attempts to CPGW?
Are you able to send script commands to CPGW from SmartConsole (right click on CPGW to run those)?

Re: No WebUI or CLI access

Chris_Atkinson — Mon, 26 Dec 2022 22:08:53 GMT

Please review sk134872 and check the logs again after the changes.

Noting that you only permit a destination of internet in the layer. How does the logs look for the SSH traffic?

Re: No WebUI or CLI access

genisis__ — Tue, 27 Dec 2022 23:22:46 GMT

Please confirm the following, which may help:

- Did this ever work, if so, what's changed?

- Does SIC still work?

- Do you have LOM connectivity or any means to access the GW out-of-band?

- What version of CP are you running, including Jumbo?

Re: No WebUI or CLI access

Matlu — Tue, 27 Dec 2022 02:21:09 GMT

Hello,

I have not worked with script to date, but it may be the best time to learn how to do it.

Could you point me to a script to validate your query? Please.

I understand that I can do this from the SmartConsole.
As I see the scripts from this manager, are supported since version R80.20.

Greetings.

Re: No WebUI or CLI access

Matlu — Tue, 27 Dec 2022 02:36:50 GMT

Hi Chris.

I have 2 layers.
1- Network layer.
2- APPC+URLF layer.

If you notice, the logs show me that the traffic matches with the explicit rule created in the network layer (attached image), but the problem is that after that, the traffic just starts to match with the "Implied" rule that as I see, belongs to the APPC+URLF layer.

I hope to be clear with my explanation and query.

Greetings.

Re: No WebUI or CLI access

the_rock — Tue, 27 Dec 2022 03:15:35 GMT

Didnt you post about this recently and showed you had any any drop at the bottom of 2nd ordered layer? Apologies if that was someone else, but I am fairly certain it was indeed you. If so, please change that rule, as all traffic would be blocked.

Re: No WebUI or CLI access

Chris_Atkinson — Tue, 27 Dec 2022 05:44:55 GMT

As per your previous thread we're trying to help but you are not following directions about how layers work or providing the requested information.

Did you change the platform portal url port to start?

Afterwards do you see the same log / drop reasons for both SSH & Web UI access?