GUI is not loading for checkpoint security gateway...

Surendra · ‎2024-09-04

Hi Team

GUI is not loading for checkpoint security gateway's

getting below error.

ERR_SSL_PROTOCOL_ERROR

Duane_Toler · ‎2024-09-04

Looks like you're using Gaia WebUI. This error is from your browser which doesn't like the TLS version being negotiated. Your browser may have a TLS configuration imposed by a GPO from your organization. You can try with Firefox instead to see if that works. For example, depending on your gateway configuration, the Gaia portal may not be able to support TLS 1.3:

https://support.checkpoint.com/results/sk/sk178505

If your GPO enforces TLS 1.3, then this may be your issue.

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

Lesley · ‎2024-09-04

Can you confirm that this firewall is still running supported software? 90% of the time this error is related to ancient firewall software

-------
Please press "Accept as Solution" if my post solved it 🙂

the_rock · ‎2024-09-04

What version? You can always try change web UI port and test

clish -> set web ssl-port 4434 -> save config -> test

If that fails, I would try open old school Internet explorer and see if that works

https://superuser.com/questions/1824875/where-is-internet-options-now-that-internet-explorer-is-gone

control panel -> internet options -> programs -> manage add-ons -> learn more about toolbars and extensions

Andy

Best,
Andy
"Have a great day and if its not, change it"

PhoneBoy · ‎2024-09-04

What version/JHF is the device?
Older (out of support) versions may not support the ciphers mandated by current web browsers.

Surendra · ‎2024-09-05

R81_10_JUMBO_HF_MAIN Take: 139

the_rock · ‎2024-09-05

Did you try what we suggested?

Andy

Best,
Andy
"Have a great day and if its not, change it"

PhoneBoy · ‎2024-09-05

Did you check to see if your organization enforces the use of TLS 1.3 as suggested by @Duane_Toler ?

Surendra · ‎2024-09-06

organization enforced to use TLS 1.2 and same is configured in gateway as well.

PhoneBoy · ‎2024-09-06

Can you reach the gateway via other means (e.g. ssh)?
What is the network path between your client and the gateway and does it include any other firewalls?

Surendra · ‎2024-09-20

VPN blade is not enabled, what is the process for renewal for self signed certificate in gateway ?

self signed certificate renewal fixed the issue.

the_rock · ‎2024-09-20

Thats odd, can you send screenshot of that vpn tab? How did you renew it if blade is not even on??

Best,
Andy
"Have a great day and if its not, change it"

Surendra · ‎2024-09-20

CP Support did that, i am not sure about that.

the_rock · ‎2024-09-20

Do you have commands they ran?

Andy

Best,
Andy
"Have a great day and if its not, change it"

Lesley · ‎2024-09-20

This is documented in https://support.checkpoint.com/results/sk/sk97792

VPN certificate is not only used for interal VPN but also for:

Multi-Portals (Mobile Access Portal, Identity Awareness Captive Portal, User Check Portal, and so on).
Gaia Portal with enabled Multi-Portal feature.

-------
Please press "Accept as Solution" if my post solved it 🙂

the_rock · ‎2024-09-20

Ah, that sk...seen it before, though personally, I always thought there was an easier way to do this rather than enabling/disabling the blade 🙂

Andy

Best,
Andy
"Have a great day and if its not, change it"

Are you a member of CheckMates?

GUI is not loading for checkpoint security gateway's