cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Dirk_Casomo
Nickel

Cannot Connect with SmartConsole to R77.30 or Earlier Management

Jump to solution

Why is it my newly installed checkpointR77.iso in vmware  have errorr when connecting using R77 smartconsole in windows server2012 ? the server can ping and access the web UI of both gaia gateway FW and gaia management FW. 

1 Solution

Accepted Solutions
Admin
Admin

Re: Cannot Connect with SmartConsole to Fresh Install of R77.30 or Earlier

Jump to solution

Just to summarize (and mark the answer correct), this is a known issue described in the following SK:

Connectivity between SmartDashboard / SmartDomain Manager and Security Management / Multi-Domain Man... 

The TL;DR:

  • On a fresh install of any Check Point version prior to R77.30 with JHF 143, the Internal CA is set with an expiration date 20 years in the future.
  • If done after January 24th 2018, this will result in a date beyond the Unix epoch, which causes this issue.

Workarounds:

  • Use a version unaffected by this issue (R77.30 with JHF 143 and above or R80.10).
  • Get the relevant hotfix for an earlier release from the TAC
  • Prior to starting the installation, backdate the system to a date prior to January 24th 2018.
25 Replies
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

Known issue for all fresh installs of R77.30 prior to Take 143 and lower after January 24th 2018.

Connectivity between SmartDashboard / SmartDomain Manager and Security Management / Multi-Domain Man... 

Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

ive tried option

1. Choose 'Certificate Authority' option

2. Press 'y' to initialize the CA

then after there is instruction to run pidof cpca, iver tried not in expert

mode its invalid command, then i tried in expert nothing happens still

cannot be intiated.

On Sun, Feb 11, 2018 at 6:37 AM, Dameon Welch Abernathy <

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

The problem is that by default the CA sets the expiration date to 20 years in the future.

That date is beyond what can be stored by the Unix epoch, which is why you cannot reinitialize the CA.

Which means you either need to:

1. Get the appropriate hotfix from TAC

2. Use a version unaffected by this issue (R77.30 with JHF 143 and above or R80.10)

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

this is a fresh install from the R77.30 iso in my vmware, with trial license...can i still be able to download the JHF to solve the problem?

0 Kudos
Highlighted
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

You should be able to retrieve the latest Jumbo Hotfix from CPUSE prior to completing the First Time Wizard.

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

error connecting to checkpoint cloud

i have already configured default gateway, dns 4.2.2.2 and the firewall can ping the dns, is there anything i miss?

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution
0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

this is the output, what does it mean?

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

It would be helpful to see the output of all the commands, not just the last one (which looks successful).

The one previous to the one with Sigcheck looks like it might be interesting to check. 


Or we can skip the troubleshooting and you can just download the offline version of the latest jumbo hotfix. 

Jumbo Hotfix Accumulator for R77.30 (R77_30_jumbo_hf) 

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

is there a way for me to download the horfix so that i can resolve this error, this is a fresh install GAIA R77.30... but the smartdashboard fail to connect..

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

Anyone who has a support agreement in place should be able to download the file.

If you do and you're seeing this, please check with Account Services: Contact Support | Check Point Software 

It also appears that we've now included the relevant fix in the R77.30 images available on UserCenter.

  • Effective February 26th 2018, the fix for this issue is included in R77.30 Gaia and Windows images. 
    For more information see Check Point R77.30.

You may be able to obtain temporary authorization to download these files by working with your account team.

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

so that means if i dont have access to that link(my account is not capable) i dont have chance to fix this issue?

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

Unfortunately, most bugfixes and software releases are only available to those who are covered by an active Support agreement.

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

how to register that can download the hotfix, my customer has a licensed

device, how to know if he can avail to download?

On Mar 12, 2018 8:16 AM, "Dameon Welch Abernathy" <donotreply@checkpoint.com>

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

If the customer has a support agreement, they can can add you as a contact for their User Center account.

This would allow you to download the file.

Account Services should be able to verify entitlement: Contact Support | Check Point Software 

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

they are askin me how can they register, cuz he already made an account but

still cannot download anything. his accoun is just the same as me, how to

make an account is there a link where to key in the serial number or

whatsoever?

On Mar 13, 2018 9:54 PM, "Dameon Welch Abernathy" <donotreply@checkpoint.com>

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

Account Services can assist you with these issues.

Contact Support | Check Point Software 

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

If you still can't get the hotfix for this, another option is to set the system date to something before 24th January 2018 prior to running the First Time Wizard.

This should allow the creation of the Internal CA to succeed and resolve the issue you are experiencing.

Afterwards, you can reset the system time to the current time.


However, I strongly recommend resolving your entitlement issues so you can download the proper hotfix for this and others you may need.

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

thank you i will try that one

On Mar 15, 2018 8:47 AM, "Dameon Welch Abernathy" <donotreply@checkpoint.com>

0 Kudos
Dirk_Casomo
Nickel

Re: connection cannot be initiated, please make sure

Jump to solution

after importing the file.TAR.gz this is what i receive

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

Sounds like the file you are trying to load is somehow corrupt.

I recommend checking the file MD5/SHA1 hash to validate the file you are trying to load the correct file.

0 Kudos

Re: connection cannot be initiated, please make sure

Jump to solution

Finally I was able to resolve my connection issue after a month of investigation. 

Follow
-Fresh Install
-sk81200 Install License Via cli bbecause of no access to Smart Update
-sk92449 Upgrade Service Engine CPUSE
-sk106162 Install Jumbo
-sk122612 to generate a CA via cpconfig Make sure you reboot
Job done

Note you need a Checkpoint Account

0 Kudos
Admin
Admin

Re: connection cannot be initiated, please make sure

Jump to solution

SmartUpdate doesn't require a license to operate.

It does, however, require there be a valid Internal CA, which you didn't have due to the bug described in this thread.

0 Kudos
Admin
Admin

Re: Cannot Connect with SmartConsole to Fresh Install of R77.30 or Earlier

Jump to solution

Just to summarize (and mark the answer correct), this is a known issue described in the following SK:

Connectivity between SmartDashboard / SmartDomain Manager and Security Management / Multi-Domain Man... 

The TL;DR:

  • On a fresh install of any Check Point version prior to R77.30 with JHF 143, the Internal CA is set with an expiration date 20 years in the future.
  • If done after January 24th 2018, this will result in a date beyond the Unix epoch, which causes this issue.

Workarounds:

  • Use a version unaffected by this issue (R77.30 with JHF 143 and above or R80.10).
  • Get the relevant hotfix for an earlier release from the TAC
  • Prior to starting the installation, backdate the system to a date prior to January 24th 2018.
Mike567
Ivory

Re: Cannot Connect with SmartConsole to Fresh Install of R77.30 or Earlier

Jump to solution
Thanks a lot!!!
0 Kudos