Secret-goblin-5
Contributor

Fresh Install of R82 into VMWare - ERR_CONNECTION_REFUSED before First Time Wizard started

Fresh R82 install (Check_Point_R82_T779).

I am on the same subnet as the VM.

 

I can ping, and SSH into the new VM, but cannot connect with a browser.

 

I get the error 

This site can’t be reached

x.x.x.245 refused to connect.

ERR_CONNECTION_REFUSED

 

Mgmt port is set to eth0 (only port on vm)
IP is static config, and is correct (default gateway, subnet mask etc)
VM is entirely new, no config at all except basics like passwords and disk size.



Any idea what is causing this?

0 Kudos
13 Replies
Timothy_Hall
MVP Gold

How much RAM is allocated?  The minimum for version R82 is now 8GB, up from 4GB in R81.20.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
Secret-goblin-5
Contributor

RAM set to 10gb

0 Kudos
the_rock
MVP Diamond

Make sure initial policy is not applied; if it is (verify by running fw stat), then execute fw unloadlocal. Mind you, even with initial policy, https and ssh would work. Check below in clish:

show web ssl-port

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
Secret-goblin-5
Contributor
In order to configure your system, please access the Web UI and finish the First Time Wizard.
gw-93c8fe> show web ssl-port
web-ssl-port 443
gw-93c8fe> fw unloadlocal
 Local host is not a FireWall-1 module
gw-93c8fe>
0 Kudos
the_rock
MVP Diamond

Ah, got it, so it's just the management server. Check what Tim suggested, that could be the issue, for sure.

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
emmap
MVP Gold CHKP

Make sure you explicitly put the 'https' into the address bar. It won't auto-redirect from http.

Secret-goblin-5
Contributor

Already tried this (been caught out by this before!) but it's not this.

Tried using HTTPS in the address and :443 as well, neither made a difference.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP

Any conflicting proxy settings in the browser?

What do you see with tcpdump on the VM when you attempt the HTTPS connection?

CCSM R77/R80/ELITE
Secret-goblin-5
Contributor

Not great with tcpdump, but this looks to me like the traffic is hitting but not being responded to. Am I correct?

[Expert@gw-93c8fe:0]# tcpdump -i eth0 src net x.x.x.9/32 and tcp and port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:03:58.078385 IP x.x.x.9.49953 > gw-93c8fe.https: Flags [SEW], seq 3493860344, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:58.078522 IP x.x.x.9.49954 > gw-93c8fe.https: Flags [SEW], seq 1790946439, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:58.329152 IP x.x.x.9.49955 > gw-93c8fe.https: Flags [SEW], seq 3641794275, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:58.579348 IP x.x.x.9.49953 > gw-93c8fe.https: Flags [S], seq 3493860344, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:58.579456 IP x.x.x.9.49954 > gw-93c8fe.https: Flags [S], seq 1790946439, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:58.829606 IP x.x.x.9.49955 > gw-93c8fe.https: Flags [S], seq 3641794275, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:59.080748 IP x.x.x.9.49954 > gw-93c8fe.https: Flags [S], seq 1790946439, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:59.080811 IP x.x.x.9.49953 > gw-93c8fe.https: Flags [S], seq 3493860344, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:59.329783 IP x.x.x.9.49955 > gw-93c8fe.https: Flags [S], seq 3641794275, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
^C
9 packets captured
9 packets received by filter
0 packets dropped by kernel
[Expert@gw-93c8fe:0]#
0 Kudos
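Added example, not part of the original thread: a small Python parser for tcpdump text output that counts SYN retransmissions per client port and reports whether any reply from port 443 was captured. The filter in the post above (`src net x.x.x.9/32`) matches only packets sent by the client, so replies from the VM cannot appear in that capture; the RST line in `TWO_WAY` is constructed to show what a capture without the `src` qualifier could contain. Function and variable names are assumptions.

```python
import re
from collections import defaultdict

# tcpdump text line: "<ts> IP <src>.<port> > <dst>.<port>: Flags [..], seq N, ..."
LINE = re.compile(r"^\S+ IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): Flags \[([^\]]+)\], seq (\d+)")
HTTPS = {"443", "https"}  # tcpdump prints the service name unless run with -n

def classify(capture):
    """Return {(client, port): {"syns", "retransmits", "verdict"}} for port 443."""
    flows = defaultdict(lambda: {"syns": 0, "seqs": set(), "reply": None})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, flags, seq = m.groups()
        if dport in HTTPS and "S" in flags and "." not in flags:
            flow = flows[(src, sport)]      # client SYN ("." would mean ACK)
            flow["syns"] += 1
            flow["seqs"].add(seq)           # same seq seen again = retransmission
        elif sport in HTTPS and "R" in flags:
            flows[(dst, dport)]["reply"] = "refused (RST)"
        elif sport in HTTPS and "S" in flags and "." in flags:
            flows[(dst, dport)]["reply"] = "listening (SYN-ACK)"
    return {
        key: {
            "syns": f["syns"],
            "retransmits": f["syns"] - len(f["seqs"]),
            "verdict": f["reply"] or "no reply in capture",
        }
        for key, f in flows.items()
    }

# Three lines for client port 49953, copied from the capture in the post above.
ONE_WAY = """\
09:03:58.078385 IP x.x.x.9.49953 > gw-93c8fe.https: Flags [SEW], seq 3493860344, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:58.579348 IP x.x.x.9.49953 > gw-93c8fe.https: Flags [S], seq 3493860344, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:59.080811 IP x.x.x.9.49953 > gw-93c8fe.https: Flags [S], seq 3493860344, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
"""
# Constructed line (not from the post): a reset as a two-way capture would show it.
TWO_WAY = ONE_WAY + "09:03:58.078401 IP gw-93c8fe.https > x.x.x.9.49953: Flags [R.], seq 0, ack 3493860345, win 0, length 0\n"

if __name__ == "__main__":
    for name, text in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(name, classify(text))
```

A "no reply in capture" verdict from a one-way filter is inconclusive; only a capture that includes packets sourced from the VM can distinguish a reset from silence.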
Duane_Toler
MVP Silver

Check your allowed-client list and make sure it's "any" (or "any host"):

> show allowed-client all
> add allowed-client host any-host
> show allowed-client all
--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
Secret-goblin-5
Contributor

Thanks, doesn't look like this either

gw-93c8fe> show allowed-client all
Type                  Address                                   Mask Length

Host                  Any
gw-93c8fe> add allowed-client host any-host
gw-93c8fe> show allowed-client all
Type                  Address                                   Mask Length

Host                  Any
gw-93c8fe>

 

Tried on Chrome and Internet Explorer BTW, both failed to show anything.
Proxy settings in Windows are default, IE Auto detect is on, settings themselves are empty.
No proxy is in use in our network.

0 Kudos
Duane_Toler
MVP Silver

Make sure you follow the notes for VMware with R82. There are some virtual hardware changes versus older versions.

https://support.checkpoint.com/results/sk/sk104848

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
Secret-goblin-5
Contributor

I used that doc to build the VM.

Apart from disk IO depth and queue IO depth I followed the instructions exactly.

I built a fresh VM and it worked perfectly, so I'm scrapping this VM and just using the other one.

 

Thanks for trying to resolve it, but wiping and starting again fixed the issue.
