topic Access serial console of another device thru Checkpoint Appliance USB port in Firewall and Security Management

Access serial console of another device thru Checkpoint Appliance USB port

Al_Marti — Sun, 31 Mar 2019 03:41:11 GMT

I had the need to configure a new Cisco 3750 switch at a remote site with minimal hands-on help. I had remote ssh access to an R80.20 3100 appliance on site and wondered if could use the 3750 console cable plugged into the 3100 to access the 3750 switch console.

I arranged for the mini-USB end of the 3750 console cable to be plugged into the Cisco 3750 mini-USB console port and the other end to be plugged into the Checkpoint 3100 appliance Type-A USB port.

Running the dmesg command in expert mode I could see that the GAIA kernel had created a serial device file after the cable was connected:

[Expert@sta-fw01:0]# dmesg | tail -30
usb 1-1.2: new full speed USB device using ehci_hcd and address 3
usb 1-1.2: configuration #1 chosen from 1 choice
drivers/usb/class/cdc-acm.c: This device cannot do calls on its own. It is no modem.
cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device
usbcore: registered new driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters

Using the cat command I could see that I had good serial connectivity to the switch:

[Expert@sta-fw01:0]# cat < /dev/ttyACM0 
Apr  3 01:26:06.726: %USB_CON
Switch>

Now I just needed to find a terminal emulation program in GAIA that would give me an interactive connection over the serial port to the switch. I searched for tip, minicom and several others to no avail, and then I discovered that GAIA comes with the picocom terminal emulation program installed.

I just ran the command: picocom /dev/ttyACM0 and bingo I had an interactive connection over the USB serial cable to the switch:

[Expert@sta-fw01:0]# picocom /dev/ttyACM0 
picocom v2.1
port is        : /dev/ttyACM0
flowcontrol    : none
baudrate is    : 9600
parity is      : none
databits are   : 8
stopbits are   : 1
escape is      : C-a
local echo is  : no
noinit is      : no
noreset is     : no
nolock is      : no
send_cmd is    : sz -vv
receive_cmd is : rz -vv -E
imap is        : 
omap is        : 
emap is        : crcrlf,delbs,

Type [C-a] [C-h] to see available commands

Terminal ready

Apr  3 01:42:26.784: %LINK-3-U
Switch>
Switch> en
Switch#
Switch# show ver | inc Cisco
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.2(1)E2, RELEASE SOFTWARE (fc1)
...
...
...
Switch#

Once connected via picocom, Ctrl-a Ctrl-h displays a helpful list of escape sequences like Ctrl-a Ctrl-x to end the session:

*** Picocom commands (all prefixed by [C-a])

*** [C-x] : Exit picocom
*** [C-q] : Exit without reseting serial port
*** [C-b] : Set baudrate
*** [C-u] : Increase baudrate (baud-up)
*** [C-d] : Decrease baudrate (baud-down)
*** [C-i] : Change number of databits
*** [C-j] : Change number of stopbits
*** [C-f] : Change flow-control mode
*** [C-y] : Change parity mode
*** [C-p] : Pulse DTR
*** [C-t] : Toggle DTR
*** [C-|] : Send break
*** [C-c] : Toggle local echo
*** [C-s] : Send file
*** [C-r] : Receive file
*** [C-v] : Show port settings

Anyways, I thought others may find this helpful for remote configuration of devices with a USB console port in a pinch.

The same method could be used to remotely configure a Checkpoint Appliance manually using isomorphic USB GAIA installation and the config_system command for the first time configuration.

Re: Access console of another device thru Checkpoint Appliance USB port

PhoneBoy — Sat, 30 Mar 2019 05:12:22 GMT

Nice, had no idea that was possible.

Re: Access console of another device thru Checkpoint Appliance USB port

Vladimir — Sat, 30 Mar 2019 12:50:49 GMT

This is great! Thank you for sharing.

Re: Access console of another device thru Checkpoint Appliance USB port

Maarten_Sjouw — Sat, 30 Mar 2019 19:09:53 GMT

Have you also tried a rollover cable from the serial port of the CP to the console port of the cisco? (Rollover means 1-8, 2-7, 3-6 etc)
I know this works the other way around from Cisco routers with the aux port, just connect to the IP of the router with telnet on port 2001, you only need to make sure to make some proper adjustments to the aux port, like 'transport input all' and 'no-exec'.

Re: Access console of another device thru Checkpoint Appliance USB port

HeikoAnkenbrand — Sat, 30 Mar 2019 21:10:23 GMT

Nice hack!

Re: Access console of another device thru Checkpoint Appliance USB port

Maarten_Sjouw — Sat, 30 Mar 2019 21:32:59 GMT

picocom is only available from 80.20 (and up?), I tried on R77.30 and R80.10 but only R80.20 has picocom aboard.

Re: Access console of another device thru Checkpoint Appliance USB port

Arkadiy_Korotin — Fri, 26 Nov 2021 04:54:39 GMT

https://archives.fedoraproject.org/pub/archive/epel/5/i386/picocom-1.6-1.el5.i386.rpm

work on 77.30

Re: Access console of another device thru Checkpoint Appliance USB port

Arkadiy_Korotin — Fri, 26 Nov 2021 05:08:44 GMT

https://archives.fedoraproject.org/pub/archive/epel/5/i386/picocom-1.6-1.el5.i386.rpm

work on 77.30

Re: Access console of another device thru Checkpoint Appliance USB port

Zolo — Fri, 06 Oct 2023 05:39:04 GMT

Until R81.10
Unfortunately, it has been removed from R81.20 🤔