This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2023-08-28 12:39 AM

Harmony Connect On-premise natting and block Gaia Portal access

Hello,


I have harmony connect on-premise version which I need to give to the people who are roaming and they need to connect to on-premise server over Internet. 

I know that my server needs to be natted so that agents will communicate over internet however when I do that since EPM server listen on port 443 even my Gaia portal even exposes over internet.

Since being a mgmt server I do not have option to set the different URI for GAIA access and wondering how do I do that?

 

TIA

Blason R

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2023-08-28 07:11 AM

It can be configured via clish: set web ssl-port 4434 (or whatever the desired port is).

0 Kudos
Blason_R
Leader
Leader
‎2023-08-28 07:41 PM
In response to PhoneBoy

Nope - that is not possible and I already tried that. 

Agent goes offline since they connect on port 443.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-08-28 07:44 PM
In response to Blason_R

Thats odd. I set mgmt web UI on port 4434 many times before and worked just fine.

Andy

0 Kudos
Blason_R
Leader
Leader
‎2023-08-28 07:45 PM
In response to the_rock

Yes It works with only SMS server but definitely not with EPM server. have you tried with EPM or pure mgmt server?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-08-28 07:47 PM
In response to Blason_R

As a matter of fact, yes, on R81.10, no issues.

Andy

0 Kudos
Blason_R
Leader
Leader
‎2023-08-28 07:50 PM
In response to the_rock

Hmmm - Not sure why it didnt work with me then. I am on R81 and is having EPM server only.

I verified the apache2 config files and internally everything is diverted to localhost:4434 and multiple vhosts. 

Let me give a try again though

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-08-28 07:53 PM
In response to Blason_R

Not sure mate, sorry. I had to delete that lab to make some space for Palo Alto lab, but definitely worked fine in R81.10. Cant recall jumbo on it back then, but Im sure that makes no difference.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-08-29 01:13 AM
In response to Blason_R

Did you read this already: https://support.checkpoint.com/results/sk/sk178064

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top