SmartConsole can't connect to firewall in GNS3
Hi everyone,
I am new to Check Point software and firewalls and have been having a nightmare using SmartConsole to connect to a firewall within GNS3. It worked fine at first but has since stopped connecting completely. I find this strange as I can ping the gateway from my PC and can also connect to Gaia with no issues. The gateway shows that half the packets are dropped (although I've seen times where there was a higher % of packets dropped). Any help on the problem would be greatly appreciated.
Accepted Solutions
Just to give a quick update: Joe and I did a remote session and, after testing for a bit, we decided to reinstall R80.10. It turned out that the default gateway was mistyped, so once that was fixed and the initial wizard was done, we could ping Google DNS and the dashboard also loaded fine.
There is no SmartConsole on a gateway. Do you mean WebUI?
I mean a gateway that is connected to the internet in GNS3, allowing me to connect to Gaia and SmartConsole outside of GNS3.
You do not connect to the gateways with SmartConsole. You use SmartConsole with your management server. Are you running a standalone config?
Sorry for the confusion, I assume I'm using a standalone config as I am only using the Check Point firewall R80.10? I have seen that the endpoint security management server isn't activated and won't be started when I run cpstart, if that's any help.
Once again, I urge you to run through Check Point for Beginners materials available under Learn/Check Point for Beginners/network security in this forum, before doing anything else.
Standalone means you are running both security gateway and a management server on the same machine. Can you connect to your VM at all with ssh, https, anything?
Hi Val,
Yes, that's my current setup, and yes, I can console into the firewall as well as access the WebUI. It's just SmartConsole which doesn't connect. Are there any commands I can run to help you better understand the problem?
Thanks,
You still do not answer my original question. Do you or don't you run both GW and MGMT on the same VM?
If the answer is yes then:
1. Try running "fw unloadlocal" and connect with SmartConsole. If that works, your policy blocks SmartConsole, change it.
2. If p.1 did not bring any luck, run $FWDIR/scripts/cpm_status.sh to see if your MGMT is up. If the output says: "Check Point Security Management Server is running and ready", go to step 3. If not, something is wrong with MGMT server.
3. If you get to this point, check that
- your VM has at least 2 CPUs and 8 GB RAM, with at least 32GB HDD
- look into GUI clients definition, as @the_rock suggested, with cpconfig, option 3
4. If nothing helps, try CP4B materials and work them through, before anything else, to get a better understanding of how CP things work. And then get another trial.
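The decision points in the checklist above, written out as an added example that is not part of the original post and is not Check Point code. The function names are hypothetical, the inputs are values you collect yourself (for instance the text printed by $FWDIR/scripts/cpm_status.sh), and the RAM tolerance is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example: offline triage helper for the checklist in the post above.
# Not Check Point code. Function names are hypothetical; the two status strings
# and the 2 CPU / 8 GB / 32 GB minimums are the ones quoted in the thread.

# classify_cpm_status TEXT -> ready | initializing | unknown
classify_cpm_status() {
    # Lower-case first: the thread quotes the message with varying capitalisation.
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *"is running and ready"*)     echo ready ;;
        *"is during initialization"*) echo initializing ;;
        *)                            echo unknown ;;
    esac
}

# meets_min_specs CPUS MEM_KB DISK_GB -> "ok" or a space-separated list of shortfalls
meets_min_specs() {
    problems=""
    [ "$1" -ge 2 ] || problems="$problems cpu"
    # Assumption: an "8 GB" VM reports a little under 8 GiB as MemTotal,
    # so accept anything from 7.5 GiB (7864320 kB) upwards.
    [ "$2" -ge 7864320 ] || problems="$problems ram"
    [ "$3" -ge 32 ] || problems="$problems disk"
    if [ -z "$problems" ]; then echo ok; else echo "${problems# }"; fi
}

# next_step CONNECTS_AFTER_UNLOAD(yes|no) CPM_STATUS_TEXT CPUS MEM_KB DISK_GB
next_step() {
    if [ "$1" = yes ]; then
        echo "step 1: policy blocks SmartConsole, change the policy"; return 0
    fi
    state=$(classify_cpm_status "$2")
    if [ "$state" != ready ]; then
        echo "step 2: management server not ready ($state)"; return 0
    fi
    specs=$(meets_min_specs "$3" "$4" "$5")
    if [ "$specs" != ok ]; then
        echo "step 3: VM below minimum: $specs"; return 0
    fi
    echo "step 3: review GUI clients (cpconfig, option 3)"
}

# Constructed sample input: management server still initializing on an adequately sized VM.
next_step no "Check Point Security Management Server is during initialization" 2 8010000 40
```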
I am running them on the same VM.
1. Still can't connect
2. Get "checkpoint security management server is during initialization" - followed sk145200 and sk172866 with no success
3. VM meets those specs and cpconfig returns error connecting to database
I have also tried sk121174 and sk119732 and sk169032
Something is very wrong with your machine, re-install.
Also, do not use R80.10, it is a very old version. And once again, GNS3 is not a good platform.
Unfortunately I have to use GNS3 for this project. Thanks for your help regardless though 🙂
K, message me privately, I will do my best to help you out, let's do a remote session. I'm in EST...
I would do what @_Val_ mentioned. I really suspect something got corrupted on your machine with the install... I mean, you can try rebooting it, but if that fails, then I'm not sure what else you can do but re-install. Maybe try an ESXi install and do separate mgmt and firewall, don't do a standalone config.
Also, GNS3 is not a supported virtualization platform. If you are using it to learn Check Point, I would rather suggest CP4B and associated virtual labs. They are free of charge.
https://community.checkpoint.com/t5/Check-Point-for-Beginners-2-0/Network-Security-Virtual-Labs/ba-p...
https://community.checkpoint.com/t5/custom/page/page-id/CommunityBeginnersChild?cat=2
Val asked a good clarification question... do you mean the actual web UI to access the firewall via browser, or the actual SmartConsole to connect to the management server? If it's the actual SmartConsole itself, maybe ssh into the management server and choose the option for GUI clients and see what it says (like the example below)
[Expert@management]cpconfig
This program will let you re-configure
your Check Point Security Management Server configuration.
Configuration Options:
----------------------
(1) Licenses and contracts
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) Random Pool
(6) Certificate Authority
(7) Certificate's Fingerprint
(8) Automatic start of Check Point Products
(9) Exit
Enter your choice (1-9) :3
Configuring GUI Clients...
==========================
GUI Clients are trusted hosts from which
Administrators are allowed to log on to this Security Management Server.
You have selected the following hosts to be GUI Clients:
Any
Do you want to modify this list (y/n) [y] ?
Hi the_rock,
I mean actual SmartConsole access. I get the error failed to connect to database, although I'm not sure what database it refers to?
Thanks,
Joe
What does fw stat show? If it says initial policy, do fw unloadlocal and try again.
Andy
I have already run unloadlocal and it says policy is standard.
R81 is the widely recommended version, R80.10 is almost End of Support.
GNS3 isn’t an officially supported virtualization environment, though I believe it uses KVM under the hood, which should work, especially in the latest versions.
We have actual KVM images here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...