https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256288#M43159 <P>Hello,</P> <P>I aimed to establish a connection to the smart console via a site-to-site VPN that is terminated on a Check Point managed by the same Check Point management server. However, I recognize that the CPMI and CPM services are accessed through implied rules. Therefore, I adhered to the documentation and commented out</P> <P>````</P> <P>/*&nbsp;#define ENABLE_CPMI */</P> <P>```</P> <P>Since my management server is on R82 and firewalls are on R81.20, I had to comment out at below path per documentation</P> <P>```</P> <P>/opt/CPR8120CMP-R82/lib/implied_rules.def</P> <P>```</P> <P>Subsequently, a particular rule was established for CPMI and CPM services; however, I am still unable to establish a connection via site-to-site VPN.</P> <P>Currently, if the firewall version matches the management version lets suppose both are on R82 and I modify the $FWDIR/lib/implied_rules.def file, it functions flawlessly. However, this is not the case when the target firewall version is R81.20 or any version other than that of the management server.</P> <P>Has anyone noticed such an issue before?</P> <P>&nbsp;</P> Mon, 01 Sep 2025 07:45:46 GMT Blason_R 2025-09-01T07:45:46Z https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256288#M43159 <P>Hello,</P> <P>I aimed to establish a connection to the smart console via a site-to-site VPN that is terminated on a Check Point managed by the same Check Point management server. However, I recognize that the CPMI and CPM services are accessed through implied rules. Therefore, I adhered to the documentation and commented out</P> <P>````</P> <P>/*&nbsp;#define ENABLE_CPMI */</P> <P>```</P> <P>Since my management server is on R82 and firewalls are on R81.20, I had to comment out at below path per documentation</P> <P>```</P> <P>/opt/CPR8120CMP-R82/lib/implied_rules.def</P> <P>```</P> <P>Subsequently, a particular rule was established for CPMI and CPM services; however, I am still unable to establish a connection via site-to-site VPN.</P> <P>Currently, if the firewall version matches the management version lets suppose both are on R82 and I modify the $FWDIR/lib/implied_rules.def file, it functions flawlessly. However, this is not the case when the target firewall version is R81.20 or any version other than that of the management server.</P> <P>Has anyone noticed such an issue before?</P> <P>&nbsp;</P> Mon, 01 Sep 2025 07:45:46 GMT https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256288#M43159 Blason_R 2025-09-01T07:45:46Z https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256289#M43160 <P><STRONG>Quick fix</STRONG>: SSH into the Security Management and tunnel the ports 443, 18190, 19009 and 18210. Then perform a SmartConsole connect to 127.0.0.1 and you are fine as long as localhost is allowed to connect.</P> Mon, 01 Sep 2025 08:03:26 GMT https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256289#M43160 Danny 2025-09-01T08:03:26Z https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256291#M43161 <P>Indeed - This is what I have been doing it for a long time. However, this method is effective when connecting to a single management server. The problem arises when you utilize ports 18190 and 19009 for localhost, as it prevents connections to other management servers. Given that we are overseeing multiple clients and various management servers, this is gradually becoming an impractical solution. Therefore, we established an RDP server and configured a tunnel with the customer firewalls so that we can access those directly, but we are encountering that issue.</P> <P>&nbsp;</P> Mon, 01 Sep 2025 08:29:42 GMT https://community.checkpoint.com/t5/General-Topics/Can-not-access-smart-console-over-site-site-VPN/m-p/256291#M43161 Blason_R 2025-09-01T08:29:42Z