cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
H_Cheng
Nickel

New Install Security Management Server

I am trying to install R80.10 on VMware for my learning. After I install GAIA and configure Security Management Server during the first login GAIA, I am unable to login through SmartConsole. I get “Unable to connect to server. Please make sure that all processes of the server are up and running.”. I checked cpconfig the certificate’s fingerprint is same as SmartConsole prompts, run cpm_status.sh showing CheckPoint Security Management Server is running state. And I have also tried to re-install GAIA with Jumbo Hotfix installed, but I get the same problem.

Do anyone instruct me how I can setup the environment? Is there any log file I can check for problem determination?

Thanks

23 Replies
Admin
Admin

Re: New Install Security Management Server

It can take several minutes before you're able to connect with SmartConsole on the first startup.

What hardware (RAM/disk) did you configure the virtual machine with?

0 Kudos
H_Cheng
Nickel

Re: New Install Security Management Server

I wait for the system startup and load a while, and I checked the CPU utilization with "top" command. I assigned 6G RAM and 4 virtual core. When I login SmartConsole, it can prompt the server's fingerprint and I see there are few more java processes run. But after click to continue login, it returns "Unable to connect to server".

0 Kudos
Admin
Admin

Re: New Install Security Management Server

6gb of RAM is bare minimum and will not provide an optimal experience, especially on VM.

I would allocate at least 8gb of RAM to the VM, more if you intend to use SmartEvent as well.

0 Kudos

Re: New Install Security Management Server

In my LAB it takes around 10 minutes (2 GB RAM, 2 cores).

I am checking "api status" command to see if all proccesses were started (and if API is listening).

Just turn on VM and go for coffee

Kind regards,
Jozko Mrkvicka
H_Cheng
Nickel

Re: New Install Security Management Server

I wait for an hour and I checked "api status" that CPM and FWM are "Started" state but API is "Stopped".

What can I do next to fix it?

Thanks for your support.

0 Kudos

Re: New Install Security Management Server

try "api start" to manually start API. 

Do you have valid license ? What is the output of "cplic print" command?

Kind regards,
Jozko Mrkvicka
0 Kudos
H_Cheng
Nickel

Re: New Install Security Management Server

No license list out. I just downloaded the trial software and install on VMware for testing purpose.

0 Kudos

Re: New Install Security Management Server

You have trial license for 15 days only. As you dont have any listed there, the trial license already expired.

You need to generate 30 days evaluation all-in-one license from your UserCenter.

Kind regards,
Jozko Mrkvicka
0 Kudos
H_Cheng
Nickel

Re: New Install Security Management Server

I just new created VM and installed the GAIA & Management Server. The trial license has not expired.

0 Kudos

Re: New Install Security Management Server

So from now on you have 15 days to do whatever you want. Are you able to connect via SmartConsole now?

Kind regards,
Jozko Mrkvicka
0 Kudos
H_Cheng
Nickel

Re: New Install Security Management Server

Yes, after run "api start" and wait for the process started, I can login the SmartConsole. But, when I restart the firewall, the API does not start automatically.  Is there any configuration I can let it start when the server start/restart?

Thank you for your support.

0 Kudos

Re: New Install Security Management Server

It is somewhere in SmartConsole Settings.

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Jade

Re: New Install Security Management Server

0 Kudos
H_Cheng
Nickel

Re: New Install Security Management Server

I enable the Automatic start option in Management API - Advanced Settings. Then publish, and run "api restart". After API restarted, I checked all processes (API, CPM, FWM) are Started. However, after "shutdown -r now" to reboot the CPM, the API process still not auto starts. I need to run "api start" manually. Is there any task I missed?

0 Kudos
Vladimir
Jade

Re: New Install Security Management Server

What does the output of $CPMDIR/scripts/check_cpm_status.sh show after restart?

0 Kudos
H_Cheng
Nickel

Re: New Install Security Management Server

/etc/fw/scripts/check_cpm_status.sh shows

CPM server started

0 Kudos
Vladimir
Jade

Re: New Install Security Management Server

0 Kudos

Re: New Install Security Management Server

You can also try to install the latest jumbo hotfix for R80.10.

Kind regards,
Jozko Mrkvicka
H_Cheng
Nickel

Re: New Install Security Management Server

Just tried again today, the API processes can start automatically.

Thanks.

0 Kudos
Vladimir
Jade

Re: New Install Security Management Server

Can you tell us what did the trick to make it start automatically?

H_Cheng
Nickel

Re: New Install Security Management Server

As I remembered that I didn't make any change. I just powered on the VM for testing again on some days after. I keep the memory at 2GB only. I didn't wait too while for the process to start.

Vladimir
Jade

Re: New Install Security Management Server

Use this command to determine status of the management server: $CPMDIR/scripts/check_cpm_status.sh

[Expert@gw-83a11b:0]# $CPMDIR/scripts/check_cpm_status.sh
CPM server started
[Expert@gw-83a11b:0]#

H_Cheng
Nickel

Re: New Install Security Management Server

I checked the status with this script. The Management Server is running.

0 Kudos