topic Re: Gaia WebUI connection reset in Firewall and Security Management

Gaia WebUI connection reset

eltonsimoes — Mon, 28 Aug 2023 04:22:21 GMT

Hi all,

I need help about situation bellow: i have a cluster with 2 security gateways 6200 and version R81.10 jumbo hotfix take 109. When a trying access Gaia Webui in the port 4434 i see in tcpdump that connection reset. This behavor happens in both gateways, in the same in segment network. I've been around for some SK's like sk118801, sk97648, sk91380 and sk8456, but unsuccessfully. Does anyone have any ideas about this problem?

Thanks!

Log:

[Expert@sg-02:0]# tcpdump -nni any port 4434
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
01:04:50.861888 ethertype IPv4, IP 192.168.2.102.55182 > 192.168.2.103.4434: Flags [S], seq 2801337733, win 29200, options [mss 1460,sackOK,TS val 1588764672 ecr 0,nop,wscale 10], length 0
01:04:50.861888 IP 192.168.2.102.55182 > 192.168.2.103.4434: Flags [S], seq 2801337733, win 29200, options [mss 1460,sackOK,TS val 1588764672 ecr 0,nop,wscale 10], length 0
01:04:50.862435 IP 192.168.2.103.4434 > 192.168.2.102.55182: Flags [R.], seq 0, ack 2801337734, win 0, length 0
01:04:50.862438 ethertype IPv4, IP 192.168.2.103.4434 > 192.168.2.102.55182: Flags [R.], seq 0, ack 1, win 0, length 0

[Mon Aug 28 00:29:50.567941 2023] [mpm_prefork:notice] [pid 16389] AH00169: caught SIGTERM, shutting down
[Mon Aug 28 00:29:52.641150 2023] [mime_magic:error] [pid 18542] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Mon Aug 28 00:29:52.655702 2023] [so:warn] [pid 18542] AH01574: module setenvif_module is already loaded, skipping
[Mon Aug 28 00:29:52.655719 2023] [so:warn] [pid 18542] AH01574: module headers_module is already loaded, skipping
[Mon Aug 28 00:29:52.658564 2023] [core:warn] [pid 18542] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 192.168.2.103. Set the 'ServerName' directive globally to suppress this message
[Mon Aug 28 00:29:52.658751 2023] [mime_magic:error] [pid 18542] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Mon Aug 28 00:29:52.658796 2023] [ssl:warn] [pid 18542] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Aug 28 00:29:52.660513 2023] [mpm_prefork:notice] [pid 18542] AH00163: CPWS/2.4.55 (Unix) OpenSSL/1.1.1t configured -- resuming normal operations
[Mon Aug 28 00:29:52.660552 2023] [core:notice] [pid 18542] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND

Re: Gaia WebUI connection reset

PhoneBoy — Mon, 28 Aug 2023 13:49:32 GMT

Is it only a particular segment that’s having an issue or from anywhere?
Is the Platform Portal port in the Cluster object to to use port 4434?

Re: Gaia WebUI connection reset

eltonsimoes — Mon, 28 Aug 2023 14:20:34 GMT

Hi @PhoneBoy

This behavor is from anywhere. Yes, in the Platform Portal it is configured to use port 4434.

Re: Gaia WebUI connection reset

vishnusecurrent — Thu, 09 Nov 2023 05:47:36 GMT

@eltonsimoes is it resolved. we are facing same issue

Re: Gaia WebUI connection reset

eltonsimoes — Sat, 18 Nov 2023 13:58:36 GMT

@vishnusecurrentnot yet!

Re: Gaia WebUI connection reset

LadaNemecek — Thu, 11 Jan 2024 10:14:50 GMT

Did you managed to resolve? Found same problem on 6200 cluster on 81.10JHF110

Re: Gaia WebUI connection reset

Gero_Stolle — Wed, 17 Jan 2024 15:32:01 GMT

I have the same issue with a 3600 running with R81.10 JHF41
netstat -a shows no listener on port 4434 which is set correctly.
the other cluster member runs fine

when restarting the service, this could be seen in httpd2_error_log:
[ssl:warn] [pid 508] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
but
--> LoadModule socache_shmcb_module modules/libmod_socache_shmcb.so - is active in httpd2.conf

and
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 172.xxx,xxx.3 Set the 'ServerName' directive globally to suppress this message
and
[mime_magic:error] [pid 508] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic

on the running member the correct lines follow and the service starts:
[ssl:warn] [pid 10019] AH01906: 172.xx.xxx.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[ssl:warn] [pid 10019] AH01909: 172.xx.xxx.2:4434:0 server certificate does NOT include an ID which matches the server name
we follow sk84561 up to step 12, but no deeper hints found

kernel debug I want to take tommorow

any ideas ? TAC case needed ?

best regards
Gero

Re: Gaia WebUI connection reset

Gero_Stolle — Wed, 17 Jan 2024 15:38:58 GMT

when searching inet I would like to check thisout:
when there is a httpd-ssl.conf
adding this line
SSLSessionCache "shmcb:logs/ssl_scache(512000)"
tomorrow I will have a new session with my customer to try out 🙂

best regards
Gero

Re: Gaia WebUI connection reset

Gero_Stolle — Wed, 17 Jan 2024 16:38:56 GMT

But I found this by investigating the cpinfo
in /tmp/cpinfo_hcp_log
+------------------------------------------------------------------------------------------------------------------------------------+
| Gaia OS/General/HTTPD SSL CONF FILE |
+------------------------------------------------------------------------------------------------------------------------------------+
| Result: ERROR |
| |
| Description: Verify httpd-ssl.conf.templ is correct |
| |
| Summary: File httpd-ssl.conf.templ may be empty or corrupted! |
| |
| Finding: |
| File httpd-ssl.conf.templ may be empty or corrupted! |
| |
| Suggested solutions: |
| - Replace file /web/templates/httpd-ssl.conf.templ with the one in /web/templates/httpd-ssl.conf.templ.bak |
| you may run the following: |
| 1. /usr/bin/cp /web/templates/httpd-ssl.conf.templ.bak /web/templates/httpd-ssl.conf.templ |
| 2. /bin/template_xlate : /web/templates/httpd-ssl.conf.templ /web/conf/extra/httpd-ssl.conf < /config/active |
| 3. tellpm process:httpd2 |
| 4. tellpm process:httpd2 t |
| |
| |

So I like to follow up this, because all files are generated by templates and should not be manipulated manualy 🙂

so far

Gero

this correlates to
https://support.checkpoint.com/results/sk/sk180829

lets see tomorrow.....

Re: Gaia WebUI connection reset

eltonsimoes — Sun, 11 Feb 2024 05:40:47 GMT

Hi, @Gero_Stolle

Was the problem resolved by applying sk180829? Thanks for sharing!

Best Regards,

Elton Simões

Re: Gaia WebUI connection reset

the_rock — Mon, 12 Feb 2024 00:03:44 GMT

That seems like a resonable process to try.

Best,

Andy

Re: Gaia WebUI connection reset

Gero_Stolle — Mon, 12 Feb 2024 07:38:10 GMT

Yes, following https://support.checkpoint.com/results/sk/sk180829
was successful, webgui accessible again. 🙂

Re: Gaia WebUI connection reset

the_rock — Mon, 12 Feb 2024 12:07:33 GMT

Excellent!

Andy