topic Re: Management WebUI appliance 1550 in Spark Firewall (SMB)

Management WebUI appliance 1550

Matlu — Mon, 27 Nov 2023 22:54:21 GMT

Hello, everyone.

I have a GW which is an appliance 1530/1550 in version R80.20.35 which is hooked to a SMS which has version R80.40.

I am trying to access the GW via WebUI, but for some reason, it does not allow me.

I want to know, if they probably changed the management port to this GW, to access by WebUI.

Is there any way to identify it through the CLI?

The only way I currently have to access the GW is by CLI, but to access the CLI, I can only do it by "jumping" from the SMS, because if I try to do it directly by SSH, it simply can't be done.

Thanks for your comments.

Re: Management WebUI appliance 1550

the_rock — Mon, 27 Nov 2023 22:55:28 GMT

Ola bro,

I bvelieve default web UI port for those appliances is 4434, if Im not mistaken, so as long as that port is allowed via policy, no reason why it would fail.

Andy

Re: Management WebUI appliance 1550

Matlu — Mon, 27 Nov 2023 23:09:49 GMT

Buddy,

Is there a way to validate the port needed for the WebUI management of these appliances?

Greetings.

Re: Management WebUI appliance 1550

the_rock — Mon, 27 Nov 2023 23:10:54 GMT

Not sure if below works in clish on SMB, but you can try:

show web ssl-port

Andy

Re: Management WebUI appliance 1550

Matlu — Mon, 27 Nov 2023 23:17:49 GMT

Bad luck for me 😄

The command does not work.

The commands on these models, vary quite a bit on most of them 😕

GW> show web ssl-port
^
Bad parameter starting at 'web ssl-port'.

Re: Management WebUI appliance 1550

the_rock — Mon, 27 Nov 2023 23:45:31 GMT

Found it

show admin-access

Andy

Re: Management WebUI appliance 1550

Matlu — Tue, 28 Nov 2023 00:47:46 GMT

I found that the management port for WebUI is 4434, but when I try to access through a "Browser", I can't access.

In the logs, I do not see any "log" that tells me what could be happening.

I have tried TCPDUMP, and FW Monitor, but I don't get any result.

My source IP is an IP assigned to me by my remote VPN connection (1.1.1.1.203).

I have another appliance to which I have access through WebUI, and when I see the logs of this appliance, I see that it matches with an IMPLIED RULE 0 and that is why the traffic is allowed to manage it through HTTPS.

Is an explicit rule needed for this type of access?

Re: Management WebUI appliance 1550

the_rock — Tue, 28 Nov 2023 00:49:07 GMT

Make sure traffic is allowed on that port. Just do zdebug and grep for port 4434

fw ctl zdebug + drop | grep "4434"

Andy

Re: Management WebUI appliance 1550

Matlu — Tue, 28 Nov 2023 01:00:27 GMT

Is it normal to allow traffic from a certain connection, for an IMPLIED RULE 0?

How to interpret an IMPLIED RULE? It is something like this:
Source: All
Destinations: All
Action: Allow

Is this how IMPLIED works?

I have a flow in which my remote VPN connection is not done by the CP, but by another solution, such as F5.

To certain GW SMB that I have, if the access is allowed by WebUI, but to other appliances, NOT.

Could this be something that also needs to be checked at the VPN solution level by the F5?

Re: Management WebUI appliance 1550

the_rock — Tue, 28 Nov 2023 01:05:47 GMT

Its set of predefined rules that sort of govern, for the lack of the better term, the internal CP communication.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Implied_Rules.htm

By the way, if you do quick remote with TAC for this issue, Im sure they will be able to figure out why its failing.

Andy

Re: Management WebUI appliance 1550

Chris_Atkinson — Tue, 28 Nov 2023 14:51:57 GMT

Please consider upgrading the software version of both systems when able as each is approaching their sunset within the coming months.