cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Change GAIA SSL-Port R80.20

Jump to solution

Hi Guys,

I'm preparing for CCSA R80 and when I try to change the SSL-Port from Gaia through clish, the following output is given:

cp-mgmt> set web ssl-port 4434
WARNING This command is for initial use. SSL port should be set through SmartCon
sole. Changing the port may cause inconsistency with the settings on the SmartCo
nsole.
Are you sure you want to continue?(Y/N)[N]
n

I cannot find any option to set the ssl-port for a GAIA system from SmartConsole.
The SecurityManagement Guide for R80.20 got no hits, when searching for "ssl-port"

Does anyone know where to find that option?

Best Regard

Johannes

0 Kudos
1 Solution

Accepted Solutions

Re: Change GAIA SSL-Port R80.20

Jump to solution

Johannes, the command set web ssl-port <port number> is correct and, remember, after execute this command you need to save this configuration with "save config". To verify you could run " grep 'httpd:ssl_port' /config/db/initial  "

sk91380

(8) Changing the Gaia Portal port in Clish results in warning

"WARNING This command is for initial use. SSL port should be set through SmartDashboard. Changing the port may cause inconsistency with the settings on the SmartDashboard. Are you sure you want to continue?(Y/N)
[N] 
"It is recommended to change the port using the Platform Portal section of the object in SmartDashboard. 
Add the port to the end of the Main URL and push policy. "show web ssl-port" should now display the port in the Main URL
Show / Hide Solution 

For Security Gateway:

In SmartConsole, perform:
  1. Open the Security Gateway / Cluster object and go to the "Platform Portal" pane.
  2. In the "Main URL" field, set the desired port (e.g., port 4434):
    https://IP_ADDRESS:PORT
  3. Click on OK to apply the changes.
  4. Install the security policy on this Security Gateway / Cluster object.
Note: Using Clish to change portal port on Security Gateway will be overwritten on a policy installation. After the change the httpd process can be seen listening to the new port with "netstat -lpn|grep port". Port 443 is handled by he mpdaemon and will not be listed in netstat.

For Security Management Server:

  1. Connect to command line on Security Management Server and log in to Clish.
  2. Set the desired port (e.g., port 4434):
    HostName> set web ssl-port <Port_Number>
  3. Save the changes: HostName> save config
  4. Verify that the configuration was saved:
    [Expert@HostName]# grep 'httpd:ssl_port' /config/db/initial
5 Replies

Re: Change GAIA SSL-Port R80.20

Jump to solution

Here we go: Platform portal under GW object. 

Now, the main question is, why do you want to change SSL portal port from the default one?

0 Kudos

Re: Change GAIA SSL-Port R80.20

Jump to solution

yeah, that looks good.

But it seems, that you cannot change the default port for a mgmt server.

I guess you still need to change the admin-port from 443 to 4434 like in R77 when configuring CaptivePortal or sth. which also uses port 443.

But strange - when I add a new Gateway, the menu looks like the one in the picture, no Platform Portal branch

0 Kudos

Re: Change GAIA SSL-Port R80.20

Jump to solution

Yes and no. 

In your example, you are on SMS. There is no Captive portal or any other GW side functionality, so no need to change SSL port. You still have Platform Portal option for GWs, as shown above.

0 Kudos

Re: Change GAIA SSL-Port R80.20

Jump to solution

On SMS/MDM the Gaia Port can be defined using the clish command „set web ssl-port“.

This is then default port for Gaia, Smartview, REST-API.


On gateways and clusters the platform portal is defining the Gaia Port but you can define different ports for UserCheck, MAB, IA CaptivePortal and maybe I forgot others.


In background everything is handled by multi-portal daemon which forwards requests on relevant port and path to relevant daemon/functionality listening on high-port.

Re: Change GAIA SSL-Port R80.20

Jump to solution

Johannes, the command set web ssl-port <port number> is correct and, remember, after execute this command you need to save this configuration with "save config". To verify you could run " grep 'httpd:ssl_port' /config/db/initial  "

sk91380

(8) Changing the Gaia Portal port in Clish results in warning

"WARNING This command is for initial use. SSL port should be set through SmartDashboard. Changing the port may cause inconsistency with the settings on the SmartDashboard. Are you sure you want to continue?(Y/N)
[N] 
"It is recommended to change the port using the Platform Portal section of the object in SmartDashboard. 
Add the port to the end of the Main URL and push policy. "show web ssl-port" should now display the port in the Main URL
Show / Hide Solution 

For Security Gateway:

In SmartConsole, perform:
  1. Open the Security Gateway / Cluster object and go to the "Platform Portal" pane.
  2. In the "Main URL" field, set the desired port (e.g., port 4434):
    https://IP_ADDRESS:PORT
  3. Click on OK to apply the changes.
  4. Install the security policy on this Security Gateway / Cluster object.
Note: Using Clish to change portal port on Security Gateway will be overwritten on a policy installation. After the change the httpd process can be seen listening to the new port with "netstat -lpn|grep port". Port 443 is handled by he mpdaemon and will not be listed in netstat.

For Security Management Server:

  1. Connect to command line on Security Management Server and log in to Clish.
  2. Set the desired port (e.g., port 4434):
    HostName> set web ssl-port <Port_Number>
  3. Save the changes: HostName> save config
  4. Verify that the configuration was saved:
    [Expert@HostName]# grep 'httpd:ssl_port' /config/db/initial