joeywoody
Participant

SmartConsole can't connect to firewall in GNS3

Hi everyone,

I am new to Check Point software and firewalls and have been having a nightmare using SmartConsole to connect to a firewall within GNS3. It worked fine at first but has since stopped connecting completely. I find this strange, as I can ping the gateway from my PC and can also connect to Gaia with no issues. The gateway shows that half the packets are dropped (although I've seen times where there was a higher % of packets dropped). Any help on the problem would be greatly appreciated.

0 Kudos
Accepted Solutions
the_rock
Legend

Just to give a quick update... Joe and I did a remote session and after testing for a bit, we decided to do a reinstall of R80.10 and it turned out that the default gateway was mistyped, so once that was fixed and the initial wizard was done, we could ping Google DNS and the dashboard also loaded fine.
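
The fix above came down to a mistyped default gateway. As an added example (not part of the original post or any Check Point tooling), this POSIX shell script checks that a configured default gateway falls inside the subnet of at least one interface. The interface names and addresses are constructed sample values, and the check only catches typos that move the gateway outside every connected subnet.

```sh
#!/bin/sh
# Added example, not from the thread: is the default gateway on-link?

# Dotted-quad IPv4 -> 32-bit integer; non-zero exit on malformed input.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Exit 0 when address $1 lies inside CIDR $2, e.g. 192.0.2.10/24.
in_subnet() (
    addr=$(ip_to_int "$1") || exit 2
    net=$(ip_to_int "${2%/*}") || exit 2
    len=${2#*/}
    case "$len" in ''|*[!0-9]*|0?*|???*) exit 2 ;; esac
    [ "$len" -le 32 ] || exit 2
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
)

# Print the first interface whose subnet contains gateway $1.
# $2 holds "name address/prefix" lines; exit 1 when none matches.
gateway_interface() (
    ip_to_int "$1" >/dev/null || exit 2
    printf '%s\n' "$2" | while read -r name cidr; do
        if in_subnet "$1" "$cidr"; then echo "$name"; fi
    done | head -n 1 | grep .
)

# Constructed sample data (documentation address ranges, made-up names).
IFACES='eth0 192.0.2.10/24
eth1 198.51.100.1/24'

for gw in 192.0.2.1 192.0.22.1; do    # the second simulates a typo
    if ifc=$(gateway_interface "$gw" "$IFACES"); then
        echo "gateway $gw is on-link via $ifc"
    else
        echo "gateway $gw is in no connected subnet: check for a typo"
    fi
done
```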


19 Replies
_Val_
Admin

There is no SmartConsole on a gateway. Do you mean WebUI?

joeywoody
Participant

I mean a gateway that is connected to the internet in GNS3, allowing me to connect to gaia and smartconsole outside of GNS3.

0 Kudos
_Val_
Admin

You do not connect to the gateways with SmartConsole. You use SmartConsole with your management server. Are you running a standalone config?

joeywoody
Participant

Sorry for the confusion, I assume I'm using a standalone config as I am only using the Check Point firewall R80.10? I have seen that the endpoint security management server isn't activated and won't be started when I run cpstart, if that's any help.

0 Kudos
_Val_
Admin

Once again, I urge you to run through Check Point for Beginners materials available under Learn/Check Point for Beginners/network security in this forum, before doing anything else.

Standalone means you are running both security gateway and a management server on the same machine. Can you connect to your VM at all with ssh, https, anything? 

joeywoody
Participant

Hi Val,

Yes, that's my current setup, and yes, I can console into the firewall as well as access the WebUI; it's just SmartConsole which doesn't connect. Are there any commands I can run to help you better understand the problem?

Thanks,

0 Kudos
_Val_
Admin

You still do not answer my original question. Do you or don't you run both GW and MGMT on the same VM?

If the answer is yes, then:

1. Try running "fw unloadlocal" and connect with SmartConsole. If that works, your policy blocks SmartConsole, change it.

2. If p.1 did not bring any luck, run $FWDIR/scripts/cpm_status.sh to see if your MGMT is up. If the output says: "Check Point Security Management Server is running and ready", go to step 3. If not, something is wrong with MGMT server.

3. If you get to this point, check that

  • your VM has at least 2 CPUs and 8 GB RAM, with at least 32GB HDD
  • look into GUI clients definition, as @the_rock suggested, with cpconfig, option 3

4. If nothing helps, try CP4B materials and work them through, before anything else, to get a better understanding of how CP things work. And then get another trial.

joeywoody
Participant

I am running them on the same VM

1. Still can't connect

2. Get "checkpoint security management server is during initialization" - followed sk145200 and sk172866 with no success

3. VM meets those specs and cpconfig returns error connecting to database

I have also tried sk121174, sk119732 and sk169032

0 Kudos
_Val_
Admin

Something is very wrong with your machine, re-install.

Also, do not use R80.10, it is a very old version. And once again, GNS3 is not a good platform.

joeywoody
Participant

Unfortunately, I have to use GNS3 for this project. Thanks for your help regardless, though 🙂

0 Kudos
the_rock
Legend

K, message me privately, I will do my best to help you out, let's do a remote session. I'm in EST...

the_rock
Legend

I would do what @_Val_ mentioned. I really suspect something got corrupted on your machine with the install... I mean, you can try rebooting it, but if that fails, then I'm not sure what else you can do but re-install. Maybe try an ESXi install and do separate mgmt and firewall, don't do a standalone config.

_Val_
Admin

Also, GNS3 is not a supported virtualization platform. If you are using it to learn Check Point, I would rather suggest CP4B and associated virtual labs. They are free of charge.

https://community.checkpoint.com/t5/Check-Point-for-Beginners-2-0/Network-Security-Virtual-Labs/ba-p...

https://community.checkpoint.com/t5/custom/page/page-id/CommunityBeginnersChild?cat=2

the_rock
Legend

Val asked a good clarification question... do you mean the actual web UI to access the firewall via browser, or the actual SmartConsole to connect to the management server? If it's the actual SmartConsole itself, maybe ssh into the management server and choose the option for GUI clients and see what it says (like the example below)

 

[Expert@management]cpconfig
This program will let you re-configure
your Check Point Security Management Server configuration.


Configuration Options:
----------------------
(1) Licenses and contracts
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) Random Pool
(6) Certificate Authority
(7) Certificate's Fingerprint
(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :3

 

Configuring GUI Clients...
==========================
GUI Clients are trusted hosts from which
Administrators are allowed to log on to this Security Management Server.
You have selected the following hosts to be GUI Clients:
Any

Do you want to modify this list (y/n) [y] ?

joeywoody
Participant

Hi the_rock

I mean actual SmartConsole access. I get the error "failed to connect to database", although I'm not sure what database it refers to?

Thanks,

Joe

0 Kudos
the_rock
Legend

What does fw stat show? If it says initial policy, do fw unloadlocal and try again.

 

Andy

joeywoody
Participant

I have already run unloadlocal and it says policy is standard

0 Kudos

PhoneBoy
Admin

R81 is the widely recommended version, R80.10 is almost End of Support.
GNS3 isn’t an officially supported virtualization environment, though I believe it uses KVM under the hood, which should work, especially in the latest versions.
We have actual KVM images here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
