Danny

HowTo: Use SSH tunnels with Check Point

SSH tunnels are very helpful to tunnel required traffic through a working SSH connection.

Pro:

  • If SSH is already working, other traffic can be routed through it without the need for additional rules / policy install

Prerequisites:

  • SSH tunneling needs to be enabled
    • temporarily: sed -i 's/^AllowTcpForwarding no/AllowTcpForwarding yes/' /etc/ssh/sshd_config && service sshd restart
    • permanently: see sk106031
  • Host Access / GUI Clients might need to be adjusted to allow connections from the system that tunnels the traffic (its source IP, or 127.0.0.1 if your tunnel's destination is the local system)
  • SSH session timeout should be unset while tunneling traffic via: unset TMOUT

Use cases:

  • Troubleshooting connectivity issues
    • Example: if your normal SmartConsole connection to the SmartCenter Server doesn't work anymore (VPN down or something else) but you can still connect to the firewall gateway via SSH, you can simply tunnel SmartConsole connections through the gateway
  • .. 

Establishing an SSH tunnel:

  • Example for a SmartConsole connection:
    • According to sk52421 ports 443, 18190, 18210 and 19009 need to be tunneled to the SmartCenter Server
    • the PuTTY way:
      [screenshot]
    • recent Windows versions have an OpenSSH client built-in, so you can also open a CMD terminal and establish an SSH tunnel via CLI using the ssh -L parameter
    • and of course any other SSH client of your choice should work as well
    • after the SSH tunnel is established you can then start SmartConsole like this and the traffic is piped through the SSH tunnel:
      [screenshot]
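
An added example, not part of the original post: a small shell helper that covers the prerequisite check and the ssh -L step described above. It reads the effective AllowTcpForwarding value (the sed one-liner changes nothing if the line is missing or spaced differently) and builds the client command for the four SmartConsole ports, binding every local listener to 127.0.0.1. The addresses, login and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical helper names; addresses below are constructed.

# Ports listed in the post (per sk52421) that SmartConsole needs.
SMARTCONSOLE_PORTS="443 18190 18210 19009"

# Print the AllowTcpForwarding value from an sshd_config text on stdin.
# The first uncommented occurrence wins; "unset" means the keyword is absent
# and the OpenSSH default applies. Match blocks are not evaluated here.
forwarding_state() {
    awk 'tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }'
}

# Build the client-side command: one -L per port, each listener bound to
# 127.0.0.1 so other hosts on the client network cannot reach the tunnel.
# ExitOnForwardFailure makes ssh abort if a local port is already in use,
# instead of silently leaving one of the forwards out.
build_tunnel_cmd() {
    gw_login=$1   # SSH login on the gateway, e.g. admin@gateway
    mgmt_ip=$2    # SmartCenter Server address as reachable from the gateway
    cmd="ssh -o ExitOnForwardFailure=yes"
    for p in $SMARTCONSOLE_PORTS; do
        cmd="$cmd -L 127.0.0.1:$p:$mgmt_ip:$p"
    done
    printf '%s %s\n' "$cmd" "$gw_login"
}

# Constructed sshd_config excerpt, as it might look before the sed change.
SAMPLE_CONFIG='Port 22
PermitRootLogin yes
AllowTcpForwarding no'

echo "forwarding in sample config: $(printf '%s\n' "$SAMPLE_CONFIG" | forwarding_state)"
echo "client command:"
build_tunnel_cmd admin@192.0.2.1 10.1.1.100
```

On the gateway, run the check as forwarding_state < /etc/ssh/sshd_config after the sed change. The printed ssh command can be pasted as-is into a Windows CMD terminal with the built-in OpenSSH client.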