This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2023-08-03 07:38 AM
Jump to solution

Access to GAIA PORTAL

Hello, team.

I have an infrastructure inherited from a previous administrator, but he forgot the access credentials to the GW (We have a cluster of 6000 computers).

Cluster Object IP: 200.60.21.100
PASSIVE FW IP: 10.7.15.67
IP FW ACTIVE: 10.7.15.66

I have tried to access by GAIA PORTAL to the active member, because we need to delete some static routes, but when I try with the https://10.7.15.66, it does not open the GAIA PORTAL.

I have the impression that the access is with a different port, but we don't have that data at hand.

Is there any way to know which port opens the GAIA PORTAL?

P.S. I do have access to the GW CLI active.

Greetings.

0 Kudos
1 Solution

Accepted Solutions
8 Replies
the_rock
Legend
Legend
‎2023-08-03 07:47 AM
Jump to solution

Yes, do this from clish:

[Expert@quantum-firewall:0]# clish
quantum-firewall> show web ssl
ssl-port - Web configuration tool SSL port number
ssl3-enabled - Allow using SSL3 to access the web configuration tool
quantum-firewall> show web ssl-p
quantum-firewall> show web ssl-port
web-ssl-port 4434
quantum-firewall>

 

Andy

0 Kudos
Matlu
Advisor
‎2023-08-03 07:53 AM
In response to the_rock
Jump to solution

Thank you for your response.

I have to delete several static routes, and I see it more "feasible" to do it from the GAIA PORTAL.

One question, please, in a GW Cluster, do you have to delete the routes in both Firewalls?
Or is it enough to just delete them from the active member?

Cheers. 🙂

the_rock
Legend
Legend
‎2023-08-03 07:57 AM
In response to Matlu
Jump to solution

In a cluster, configs should match on both members. Unlike Fortinet or Cisco, as you know, with CP, it has to be done manually, does not sync to backup member when you do change on master.

Andy

0 Kudos
Matlu
Advisor
‎2023-08-03 08:07 AM
In response to the_rock
Jump to solution

Now everything is clearer.

🙂

What I am sure of is that it is not necessary to send to install policies, as far as "add/remove" routes that are created either by CLI/GAIA PORTAL, right?

Thanks, Buddy.

0 Kudos
the_rock
Legend
Legend
‎2023-08-03 08:42 AM
In response to Matlu
Jump to solution

Correct...to add/remove routes, do it on both firewalls, does NOT need policy install.

Andy

0 Kudos
Matlu
Advisor
‎2023-08-03 08:59 AM
In response to the_rock
Jump to solution

A question,

Is it a normal behavior of the Firewall Checkpoint, to make any kind of change at GAIA PORTAL level, and to be sure that the changes are automatically applied, without the need to give a "save", as it is normally done through the CLI?

Since I have seen that difference, in the GAIA PORTAL, you simply change what you need.

In the CLI, you usually always give a "save config" because otherwise I understand that it does not "apply" the change.

Is this normal?

0 Kudos
the_rock
Legend
Legend
‎2023-08-03 09:01 AM
In response to Matlu
Jump to solution

Right, in clish you just run save config to save all the commands you ran. In web UI, if there is apply or save, you click that, if not, then no need. Whatever gets saved in clish, will be reflected in web UI as well.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top