
get interfaces operation failed

While adding a gateway to a management station, the gateway is added, but without interfaces and topology, and with an error message when establishing trust between the management station (SMS) and the gateway (GW).

The trust relationship between SMS and GW is showing an error:

"Failed to connect to GW (IP Address: '...').
Please make sure Check Point Services are running on GW, and trust has been established".

But the trust is nevertheless established as this is showing on the General Properties tab of the GW in the SMS / Smart Console (Green tick mark).

And pressing the "Test SIC status" button results in: "SIC Status for GW: Communicating"

And as stated above, in the SMS, the GW is missing interfaces.

Get interfaces (with or without topology) in the SmartConsole, results in the error:

"get interfaces operation failed for .... (IP of gateway)".

Version R80.10.

Connection to GW is working for both ssh and https.

Vladimir
Pearl

Re: get interfaces operation failed

Try to perform "fw unloadlocal" on the gateway and repeat the "Get Interfaces".

Although the topology extraction should work with SIC in a good state.

Have you perchance changed any of the Global Properties?

Additionally, if this is a remote gateway, such as at one of the branches of the bank or a retail location, please make sure that your SMS is statically NATed and is not simply hiding behind local gateway's external IP.


Re: get interfaces operation failed

Did the "fw unloadlocal" and after that another "Get interfaces", but with same result.

"Failed to connect to GW (IP Address: '...').
Please make sure Check Point Services are running on GW, and trust has been established".

The management server has been in use for some years and has similar gateways (indeed remote/branch) added in the past, with the NAT setting "hiding behind local gateway's external IP" ticked on the gateway.

The global properties have not been changed recently but are not default.

 


Re: get interfaces operation failed

The management station's gateway has static NAT configured with an external IP address on the NAT tab.

On the same tab/page, in the "install on gateway" box, a dummy gateway is selected.

(The dummy gateway is configured elsewhere in the SMS).

On the same NAT tab/page, the "Apply for Security gateway control connections" box is ticked.

Would manually added interfaces (for this GW, in SMS) lead to any drawback?

Admin

Re: get interfaces operation failed

The main reason to "fetch" the interfaces is to reduce the risk of a potential configuration error, especially with respect to Anti-Spoofing.

Otherwise, it's ok to define them manually.

Admin

Re: get interfaces operation failed

Maybe some general troubleshooting of SIC?

How to troubleshoot SIC 


Re: get interfaces operation failed

Although the commentators above suggested otherwise, SIC and fetching topology are unrelated.

SIC is performed by cpd on TCP, several 18XXX ports, and interfaces are fetched by fwd on TCP port 256. Make sure fwd is running on the GW and port 256 is not blocked between MGMT and GW.

Re: get interfaces operation failed

Had the same problem. 

Allowing port 256 from SMS to the gateways solved the problem for me.

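The check recommended in the last two replies, written out as an added example that is not part of the original thread: it probes TCP port 256 on the gateway and separates "nothing listening" from "dropped on the path", the two causes named above. It assumes Python 3 on the management server or on a host that shares its network path and source NAT to the gateway; the gateway address and any additional ports (the thread does not list the SIC ports) are supplied by the operator on the command line.

```python
import errno
import socket
import sys

FWD_TOPOLOGY_PORT = 256  # port the thread names for fwd / "Get Interfaces"

# Hints are this example's wording, mapped to the two causes named in the thread.
ADVICE = {
    "open": "TCP handshake completed; the port is reachable from this host",
    "refused": "reset received: nothing is listening (check that fwd is running "
               "on the gateway) or a device on the path rejects the connection",
    "filtered": "no answer before the timeout: the port is probably dropped "
                "between this host and the gateway",
    "unreachable": "no route to the gateway from this host",
    "error": "connection failed for another reason (bad address or name)",
}

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:  # also covers name-resolution failures
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def diagnose(host, ports=(FWD_TOPOLOGY_PORT,), timeout=3.0):
    """Return {port: (state, hint)} for every requested port."""
    results = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results[port] = (state, ADVICE[state])
    return results

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py GATEWAY_IP [EXTRA_PORT ...]")
    gateway = sys.argv[1]
    ports = [FWD_TOPOLOGY_PORT] + [int(p) for p in sys.argv[2:]]
    for port, (state, hint) in diagnose(gateway, ports).items():
        print(f"{gateway}:{port} {state}: {hint}")
```

A result of "open" from a host other than the management server says nothing about rules that match on the management server's own (NATed) source address, so run it from the same vantage point that SmartConsole's "Get Interfaces" uses.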